SV: Loadbalancing+failover solution
Hi Michael, We use a solution with 2 loadbalancers in front of 3+ postfix servers All MX records ( for around 100 domains ) are directed to the same address - the address of the loadbalancers. Based on statistics for each server the mail is redirected to one of the 3-6 postfix servers we have running. Statistics for each server is written to Our Mysql Backend cluster where all postfix related files are located As long as just one postfix server is running - mail is in function. We are able to add more servers on the fly depending on load. Best regards Peter Sørensen/Univ.Of.South.Denmark/email:mas...@sdu.dk Fra: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] På vegne af Michael Maymann Sendt: 27. december 2011 08:47 Til: Postfix users Emne: Re: Loadbalancing+failover solution Hi All, Wietse: thanks for your replies - and sorry for not really knowing what I'm asking...:-) I guess my question is regarding receiving mail to PostFix: Linux servers-PostFix. is DNS RoundRobin or MX record with equal value preferred thanks in advance :-) ! ~maymann 2011/12/23 Wietse Venema wie...@porcupine.orgmailto:wie...@porcupine.org Wietse: According to these: http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit The Postfix SMTP client will try at least five IP addresses or two SMTP sessions, When it reaches either limit, Postfix will try another delivery later for several days. The retry schedule behaves as documented at: http://www.postfix.org/TUNING_README.html#hammer Michael Maymann: Hi Wietse, thanks for your nice comments. I guess what you mention is valid for my internal postfix relay server-ISP mailserver - or am I mistaken ? What I write is valid for the Postfix SMTP client, whether it sends mail to your ISP, or to your internal mail server. Wietse
Re: Loadbalancing+failover solution
Hi all, Reindl: Thanks for your reply. I guess this is for sending mails from postfix... my setup is regarding linux server-postfix (so receiving mails, seen from postfix point-of-view). - how many retries total/per day ? - what is the difference if I do it DNS RR/MX equal value, do you know ? Thanks in advance :-) ! ~maymann 2011/12/27 Reindl Harald h.rei...@thelounge.net Am 27.12.2011 18:12, schrieb Michael Maymann: But if one postfix servers goes down, will all DNS replies then be only for alive-postfix or will there also be dead-postfix replies that needs to timeout, before it retries (and for how many times?) and potentially end up dropping the mail if it is so unlucky to get replies for dead-postfix on all retries ? normally a mailserver tries up to five days to deliver a message
Re: Loadbalancing+failover solution
Hi all, Thanks Peter, for you kind reply - some setup you have there... sounds very nice indeed...:-) ! - If i have a lower budget, can this then be achieved without the loadbalancers and still have same redundancy/flexibility (using e.g. DNS RR/MX with equal value) - if so what is for/against/preferred ?: DNS RR: so just have like load-sharing (mail1-postfix1, mail2-postfix2, mail3-postfix1, etc.). But if one postfix servers goes down, will all DNS replies then be only for alive-postfix - or will there also be dead-postfix replies that needs to timeout, before it retries (and for how many times?) and potentially end up dropping the mail if it is so unlucky to get replies for dead-postfix on all retries ? MX with equal value: is this handling differently? does a request load all MX records for the domain, and then sort them by value and then alphabetically, ending up with: if one postfix is down it will automatically try the next one in the sorted list...? Thanks in advance :-) ! ~maymann Den 27. dec. 2011 10.29 skrev Peter Sørensen mas...@sdu.dk: Hi Michael, ** ** We use a solution with 2 loadbalancers in front of 3+ postfix servers All MX records ( for around 100 domains ) are directed to the same address – the address of the loadbalancers. Based on statistics for each server the mail is redirected to one of the 3-6 postfix servers we have running. Statistics for each server is written to Our Mysql Backend cluster where all postfix related files are located ** ** As long as just one postfix server is running - mail is in function. We are able to add more servers on the fly depending on load. ** ** Best regards ** ** ** ** Peter Sørensen/Univ.Of.South.Denmark/email:mas...@sdu.dk * * *Fra:* owner-postfix-us...@postfix.org [mailto: owner-postfix-us...@postfix.org] *På vegne af *Michael Maymann *Sendt:* 27. december 2011 08:47 *Til:* Postfix users *Emne:* Re: Loadbalancing+failover solution ** ** Hi All, Wietse: thanks for your replies - and sorry for not really knowing what I'm asking...:-) I guess my question is regarding receiving mail to PostFix: Linux servers-PostFix. is DNS RoundRobin or MX record with equal value preferred thanks in advance :-) ! ~maymann 2011/12/23 Wietse Venema wie...@porcupine.org Wietse: According to these: http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit The Postfix SMTP client will try at least five IP addresses or two SMTP sessions, When it reaches either limit, Postfix will try another delivery later for several days. The retry schedule behaves as documented at: http://www.postfix.org/TUNING_README.html#hammer Michael Maymann: Hi Wietse, thanks for your nice comments. I guess what you mention is valid for my internal postfix relay server-ISP mailserver - or am I mistaken ? What I write is valid for the Postfix SMTP client, whether it sends mail to your ISP, or to your internal mail server. Wietse ** **
Re: Loadbalancing+failover solution
Am 27.12.2011 18:12, schrieb Michael Maymann: But if one postfix servers goes down, will all DNS replies then be only for alive-postfix or will there also be dead-postfix replies that needs to timeout, before it retries (and for how many times?) and potentially end up dropping the mail if it is so unlucky to get replies for dead-postfix on all retries ? normally a mailserver tries up to five days to deliver a message signature.asc Description: OpenPGP digital signature
Re: Loadbalancing+failover solution
On 12/27/2011 11:26 AM, Michael Maymann wrote:
Hi all,
Reindl: Thanks for your reply.
I guess this is for sending mails from postfix... my setup is
regarding linux server-postfix (so receiving mails, seen from
postfix point-of-view).
- how many retries total/per day ?
Retries are controlled by the sending side. The (postfix) receiver
cannot initiate a retry.
- what is the difference if I do it DNS RR/MX equal value, do
you know ?
This affects the sender, not the receiver. With postfix sending,
there is no difference.
Other software could possibly treat them differently. There is
anecdotal evidence that some non-postfix software assumes {one MX
hostname, multiple A records} is a single multihome host, and won't
try the second IP if the first is down.
-- Noel Jones
Re: Loadbalancing+failover solution
On Tue, Dec 27, 2011 at 06:12:12PM +0100, Michael Maymann wrote: Hi all, Thanks Peter, for you kind reply - some setup you have there... sounds very nice indeed...:-) ! - If i have a lower budget, can this then be achieved without the loadbalancers and still have same redundancy/flexibility (using e.g. DNS RR/MX with equal value) - if so what is for/against/preferred ?: I looked over the rest of the thread and I suspect people are talking about different things. If I understand correctly, you want a relay. You have a lot of servers with a primary function that is not sending mail, but which do send mail, and you want to relay all the mail out through a set of controlled dedicated mail servers. Am I right? If so, the basic question is *how* the servers send mail. Either the applications send mail directly to a hostname (Java Mail or PHP for example), or they use the local mailer, which would be postfix, I suppose, with a default smarthost configuration pointing to your dedicated mail servers. Pros and Cons: - Not using local mailer wil permit loadbalancing mail sent from a single host over several postfix instances. - Using local mailer will always work for all applications (since applications that send to a hostname can send to 127.0.0.1) - Using local mailer forces you to monitor the daemon and the queues on all the machines, and takes up (probable negligable) system resources - Using local mailers will give you the UID of the sending process in the headers - Using local mailer protects you from a short outage of the dedicated servers or some part of the network. Mail will be spooled locally until the dedicated machines come back on line. - Conversely, not using a local mailer will protect you from local failures such as full disks or postfix not running, but expose you more to network problems and availability problems. That will cause you to look at redundant load balancers. - Using a load balancer will probably require you to mask source IPs. That doesn't matter if you trust your servers or if you run local firewalls forcing mail to run through the local mailer. If you worry about client-written forms being exploited to send spam you need to think about that. DNS RR: so just have like load-sharing (mail1-postfix1, mail2-postfix2, mail3-postfix1, etc.). But if one postfix servers goes down, will all DNS replies then be only for alive-postfix - or will there also be dead-postfix replies that needs to timeout, before it retries (and for how many times?) and potentially end up dropping the mail if it is so unlucky to get replies for dead-postfix on all retries ? MX with equal value: is this handling differently? does a request load all MX records for the domain, and then sort them by value and then alphabetically, ending up with: if one postfix is down it will automatically try the next one in the sorted list...? If you use a redundant load balancer, it will take care of all that and always reply. Unless the network goes down, of course. If you do not, then there will be timeouts if something goes down. You can specify relayhosts with or without brackets; the brackets stop MX lookups. I seem to remember that in postfix a relayhost that resolves to several IP addresses will be handled more or less the same as a relayhost the has several MX records. I think that wondering about which is more efficient is not very useful since the difference is certainly vanishingly small. Using MX permits you to specify main servers and backup servers, but that's about it. However, non-mail applications that send mail directly will probably not be able to handle anything else than a single host/IP correctly. So . . . is there a unique answer . . . probably not, need more info on your situation and needs :-)
Re: Loadbalancing+failover solution
Hi Lorens, thanks for your kind reply...:-) ! yes this is exactly the case... and my internal local-mailers consist on standard RHEL5+6 servers and NetApp's. Our ISP is restricting mail from only 1 of our sites, so we need to relay all our internal mail globally through this site. We can't prevent non-mail applications, as we don't have 100% control of all hosts (LAB equipment etc.), so I guess it makes sense to still keep local-mailer, at-least just to keep consistency. Thanks for clarifying...:-) Do you have a howto for this setup laying around somewhere (local-mailer - HA postfix relay) ?: Thanks in advance :-) ! ~maymann 2011/12/27 Lorens Kockum postfix-users-4...@tagged.lorens.org On Tue, Dec 27, 2011 at 06:12:12PM +0100, Michael Maymann wrote: Hi all, Thanks Peter, for you kind reply - some setup you have there... sounds very nice indeed...:-) ! - If i have a lower budget, can this then be achieved without the loadbalancers and still have same redundancy/flexibility (using e.g. DNS RR/MX with equal value) - if so what is for/against/preferred ?: I looked over the rest of the thread and I suspect people are talking about different things. If I understand correctly, you want a relay. You have a lot of servers with a primary function that is not sending mail, but which do send mail, and you want to relay all the mail out through a set of controlled dedicated mail servers. Am I right? If so, the basic question is *how* the servers send mail. Either the applications send mail directly to a hostname (Java Mail or PHP for example), or they use the local mailer, which would be postfix, I suppose, with a default smarthost configuration pointing to your dedicated mail servers. Pros and Cons: - Not using local mailer wil permit loadbalancing mail sent from a single host over several postfix instances. - Using local mailer will always work for all applications (since applications that send to a hostname can send to 127.0.0.1) - Using local mailer forces you to monitor the daemon and the queues on all the machines, and takes up (probable negligable) system resources - Using local mailers will give you the UID of the sending process in the headers - Using local mailer protects you from a short outage of the dedicated servers or some part of the network. Mail will be spooled locally until the dedicated machines come back on line. - Conversely, not using a local mailer will protect you from local failures such as full disks or postfix not running, but expose you more to network problems and availability problems. That will cause you to look at redundant load balancers. - Using a load balancer will probably require you to mask source IPs. That doesn't matter if you trust your servers or if you run local firewalls forcing mail to run through the local mailer. If you worry about client-written forms being exploited to send spam you need to think about that. DNS RR: so just have like load-sharing (mail1-postfix1, mail2-postfix2, mail3-postfix1, etc.). But if one postfix servers goes down, will all DNS replies then be only for alive-postfix - or will there also be dead-postfix replies that needs to timeout, before it retries (and for how many times?) and potentially end up dropping the mail if it is so unlucky to get replies for dead-postfix on all retries ? MX with equal value: is this handling differently? does a request load all MX records for the domain, and then sort them by value and then alphabetically, ending up with: if one postfix is down it will automatically try the next one in the sorted list...? If you use a redundant load balancer, it will take care of all that and always reply. Unless the network goes down, of course. If you do not, then there will be timeouts if something goes down. You can specify relayhosts with or without brackets; the brackets stop MX lookups. I seem to remember that in postfix a relayhost that resolves to several IP addresses will be handled more or less the same as a relayhost the has several MX records. I think that wondering about which is more efficient is not very useful since the difference is certainly vanishingly small. Using MX permits you to specify main servers and backup servers, but that's about it. However, non-mail applications that send mail directly will probably not be able to handle anything else than a single host/IP correctly. So . . . is there a unique answer . . . probably not, need more info on your situation and needs :-)
Re: Loadbalancing+failover solution
On Tue, Dec 27, 2011 at 09:24:01PM +0100, Michael Maymann wrote: thanks for your kind reply...:-) ! yes this is exactly the case... and my internal local-mailers consist on standard RHEL5+6 servers and NetApp's. Our ISP is restricting mail from only 1 of our sites, so we need to relay all our internal mail globally through this site. We can't prevent non-mail applications, as we don't have 100% control of all hosts (LAB equipment etc.), so I guess it makes sense to still keep local-mailer, at-least just to keep consistency. If it's for consistency, you would *not* have local mailers, but you would configure everything to point at your HA postfix relay. However I personally like local mailers as long as something is automatically monitoring that they are well, and you may find programs that will not work otherwise. Do you have a howto for this setup laying around somewhere (local-mailer - HA postfix relay) ?: Not really, but it's basically going through the basic configuration readme and answering For local mailers: What domain name to use in outbound mail: $your_domain.com What domains to receive mail for: none at all What clients to relay mail from: localhost only What destinations to relay mail to: default (nothing) What delivery method: indirect: relayhost = [mailout.$your_domain.com] For your HA relays: What domain name to use in outbound mail: $your_domain.com What domains to receive mail for: none at all What clients to relay mail from: your local networks What destinations to relay mail to: nothing (not applicable) What delivery method: direct Hope this helps.
Re: Loadbalancing+failover solution
Hi All, Wietse: thanks for your replies - and sorry for not really knowing what I'm asking...:-) I guess my question is regarding receiving mail to PostFix: Linux servers-PostFix. is DNS RoundRobin or MX record with equal value preferred thanks in advance :-) ! ~maymann 2011/12/23 Wietse Venema wie...@porcupine.org Wietse: According to these: http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit The Postfix SMTP client will try at least five IP addresses or two SMTP sessions, When it reaches either limit, Postfix will try another delivery later for several days. The retry schedule behaves as documented at: http://www.postfix.org/TUNING_README.html#hammer Michael Maymann: Hi Wietse, thanks for your nice comments. I guess what you mention is valid for my internal postfix relay server-ISP mailserver - or am I mistaken ? What I write is valid for the Postfix SMTP client, whether it sends mail to your ISP, or to your internal mail server. Wietse
Re: Loadbalancing+failover solution
Hi list, Robert: thanks for your quick reply. Sorry for being vague - This is for internal outgoing mail only (my linux servers-my postfix relay server-ISP mailserver). I would like loadsharing (maybe real balancing is not needed for me...) between my linux server-my postfix relay server. My guess is I could do this (atleast) 2 ways: 1. DNS RoundRobin 2. MX with equal weight Any thoughts: e.g. will mail actually retry delivery for all IP's listed in DNS RR if one is not responding, or will it just directly return to sender=local linux user without trying any of the other IP's...) ? Thanks in advance :-) ! ~maymann 2011/12/22 Robert Schetterer rob...@schetterer.org Am 22.12.2011 19:01, schrieb Michael Maymann: Hi List, I would like to setup a stable and reliable mailrelay solution based on PostFix, that is both redundant and could share the load between 2 physical servers. How is this done best...? thoughts/documentation/howtos are very welcome...:-) Thanks in advance :-) ! ~maymann the cheap way ,have 2 equal weight mx records, i ve seen this outside, not sure if you may run in problems with that, better way, use some loadbalancers before postfix, search the list archive about it as in real world , there is no best, there is only a best what fits to your needs -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
Re: Loadbalancing+failover solution
Michael Maymann: [ Charset ISO-8859-1 unsupported, converting... ] Hi list, Robert: thanks for your quick reply. Sorry for being vague - This is for internal outgoing mail only (my linux servers-my postfix relay server-ISP mailserver). I would like loadsharing (maybe real balancing is not needed for me...) between my linux server-my postfix relay server. My guess is I could do this (atleast) 2 ways: 1. DNS RoundRobin 2. MX with equal weight Any thoughts: e.g. will mail actually retry delivery for all IP's listed in DNS RR if one is not responding, or will it just directly return to sender=local linux user without trying any of the other IP's...) ? According to these: http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit The Postfix SMTP client will try at least five IP addresses or two SMTP sessions, When it reaches either limit, Postfix will try another delivery later for several days. The retry schedule behaves as documented at: http://www.postfix.org/TUNING_README.html#hammer Wietse
Re: Loadbalancing+failover solution
Wietse: According to these: http://www.postfix.org/postconf.5.html#smtp_mx_address_limit http://www.postfix.org/postconf.5.html#smtp_mx_session_limit The Postfix SMTP client will try at least five IP addresses or two SMTP sessions, When it reaches either limit, Postfix will try another delivery later for several days. The retry schedule behaves as documented at: http://www.postfix.org/TUNING_README.html#hammer Michael Maymann: Hi Wietse, thanks for your nice comments. I guess what you mention is valid for my internal postfix relay server-ISP mailserver - or am I mistaken ? What I write is valid for the Postfix SMTP client, whether it sends mail to your ISP, or to your internal mail server. Wietse
Loadbalancing+failover solution
Hi List, I would like to setup a stable and reliable mailrelay solution based on PostFix, that is both redundant and could share the load between 2 physical servers. How is this done best...? thoughts/documentation/howtos are very welcome...:-) Thanks in advance :-) ! ~maymann
Re: Loadbalancing+failover solution
Am 22.12.2011 19:01, schrieb Michael Maymann: Hi List, I would like to setup a stable and reliable mailrelay solution based on PostFix, that is both redundant and could share the load between 2 physical servers. How is this done best...? thoughts/documentation/howtos are very welcome...:-) Thanks in advance :-) ! ~maymann the cheap way ,have 2 equal weight mx records, i ve seen this outside, not sure if you may run in problems with that, better way, use some loadbalancers before postfix, search the list archive about it as in real world , there is no best, there is only a best what fits to your needs -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
