Just wondering - have you tried greylisting? Why or why not?

-Ben

On Tuesday 25 October 2005 15:42, replies-lists-centos@xxxxxxxxxxxxxxxxxxxxx wrote:
> you are correct. setting the ordinals to be the same (whatever value you
> select) will cause the entries for the two machines to rotate. failover
> works mostly (it depends on how the first machine fails and related
> timeout issues).
>
> i would actually suggest a somewhat different setup.
>
> the problem with multiple external mail hosts is that the more you have
> the more spammers have to hit. [they don't care about mx record
> ordinals, etc.] with your spam stuff on these front-end machines (if i
> understand your configuration correctly), the spammers are just eating
> up your resources.
>
> so, instead, set up one or more (depending on load/needs) front-end
> machines. use DNSBL in sendmail/postfix (whichever you feel more
> comfortable configuring) to cut down on the junk. [when i last checked,
> dnsbl blocking dynamic IPs (dialup/cable modems) cut the basic trash
> down by 60-70%.]
>
> then, put your anti-spam stuff on one (or more if necessary) back-end
> machines that only accept mail from the front-end machines. that way
> your anti-spam stuff is only going to see mail that's gone through the
> dnsbl and won't be taking up resources of the basic mail handling on the
> front-end machine(s).
>
> after the anti-spam machine(s), pass the mail on to your pop/imap server.
>
> i suspect that with this setup you could have one front-end machine,
> load-balance (with two A-records for the same name but different
> ipnumbers (aka DNS shuffle-A)) for two anti-spam machines and you'll be
> ok.
>
> if you want a second front-end machine, for fail-over, you have to
> realize that it will get just about as much spam as the first machine,
> regardless of your mx-record settings. it's good to have it, just
> realize you're providing a second door that the spammers will *always* try.
>
> in short, put the resource intensive anti-spam stuff back a level from
> the external SMTP server(s). that will let the SMTP servers do their job
> without getting high load from the anti-spam stuff.
>
>
> - Rick
>
>
>
> ------------ Original Message ------------
> > Date: Tuesday, October 25, 2005 03:03:55 PM -0700
> > From: Benjamin Smith <lists@xxxxxxxxxxxxxxxxxx>
> > To: centos@xxxxxxxxxx
> > Subject: Load balancing email?
> >
> > Currently, we have two mail relays for inbound messages, and a third
> > for POP.
> >
> > The inbound messages go thru all the CPU-intensive anti-spam stuff,
> > and then they relay it to the POP server for pickup.
> >
> > Currently, one of these is the "primary", and the other is
> > "secondary", and I'd like them to be considered more or less as
> > equals, since the "primary" system is getting beaten pretty hard.
> >
> > The DNS zone file says something like this:
> >
> >###############################
> > @isp.com
> > <SNIP>
> > IN MX 100 mx1.isp.com.
> > IN MX 1100 mx2.isp.com.
> > <SNIP
> >################################
> >
> > I seem to recall that I make them act as "equals" by simply changing
> > this to
> >
> >###############################
> > @isp.com
> > <SNIP>
> > IN MX 100 mx1.isp.com.
> > IN MX 100 mx2.isp.com.
> > <SNIP
> >################################
> >
> > so that they both get about the same amount of inbound messages. Has
> > anybody here actually done this? How well does this work as far as
> > failover if either system fails?
> >
> > -Ben
> > --
> > "The best way to predict the future is to invent it."
> > - XEROX PARC slogan, circa 1978
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > http://lists.centos.org/mailman/listinfo/centos
>
> ---------- End Original Message ----------
>

--
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
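
The MX behaviour discussed in this thread, as an added example that is not part of any poster's message: a small simulation of how a sender that follows the RFC 5321 ordering rule (lowest preference first, random order among equal preferences) picks between the two zone-file variants, including failover. The host names are the ones from the thread; the message count, the seed and the "down" set are constructed, and the model covers only senders that honour preference values.

```python
import random
from collections import Counter

# Constructed MX sets mirroring the two zone-file variants in the thread.
PRIMARY_SECONDARY = [(100, "mx1.isp.com."), (1100, "mx2.isp.com.")]
EQUAL = [(100, "mx1.isp.com."), (100, "mx2.isp.com.")]

def delivery_order(mx_records, rng):
    """Order hosts as an RFC 5321 sender does: lowest preference first,
    random order among hosts that share a preference."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        order.extend(group)
    return order

def deliver(mx_records, down, rng):
    """Return the first reachable host, or None if every MX is down
    (a real sender would queue the message and retry later)."""
    for host in delivery_order(mx_records, rng):
        if host not in down:
            return host
    return None

def simulate(mx_records, messages=10000, down=frozenset(), seed=1):
    """Count which host receives each of `messages` deliveries."""
    rng = random.Random(seed)
    return Counter(deliver(mx_records, down, rng) for _ in range(messages))

if __name__ == "__main__":
    print("MX 100/1100        :", dict(simulate(PRIMARY_SECONDARY)))
    print("MX 100/100         :", dict(simulate(EQUAL)))
    print("MX 100/100 mx1 down:", dict(simulate(EQUAL, down={"mx1.isp.com."})))
```
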