[Mimedefang] Re: MIMEDefang with round-robin DNS

Albert Croft acroft at cyber-wizard.com
Mon Jun 6 16:23:55 EDT 2005


mimedefang-request at lists.roaringpenguin.com wrote:

>Date: Mon, 06 Jun 2005 12:45:56 +0300
>From: Fredrik Nyberg DC <nba at abo.fi>
>Subject: [Mimedefang] MIMEDefang with round-robin DNS
>To: mimedefang at lists.roaringpenguin.com
>Message-ID: <42A41B54.4070305 at abo.fi>
>Content-Type: text/plain; charset="utf-8"
>
>Hello!
>
>I'm thinking about running MIMEDefang via milter on two separate
>scanning hosts. I would be doing this with round-robin DNS. Does anyone
>know if it will work/not work?
>
>Thanks,
>Fredrik Nyberg
>
Fredrik:

Yes, it will. I already use a similar configuration where I work, the 
basics of which are....

Machines:
    real names: spam1a and spam1b
    common name: spam1

DNS:
    ; For each filter machine, a real name
    spam1a IN A x.x.x.36
    spam1b IN A x.x.x.38

    ; A records for common pointing to each filter machine
    spam1 300 IN A x.x.x.36
    spam1 300 IN A x.x.x.38

    ; PTR records for each machine's real name
    36.x.x.x.in-addr.arpa. IN PTR spam1a.example.com.
    38.x.x.x.in-addr.arpa. IN PTR spam1b.example.com.

    ; PTR records for each machine's IP referring to the common name
    36.x.x.x.in-addr.arpa. 300 IN PTR spam1.example.com.
    38.x.x.x.in-addr.arpa. 300 IN PTR spam1.example.com.

    ; For each domain example2.com that is being sent through the filter...
    example2.com. IN MX 20 spam1.example.com.

Final delivery locations for the filter machines are defined by IP 
entries in the Sendmail mailertable. The TTLs on the A and PTR records 
for the common entry are intended to reduce the possibility of the 
entries being cached for very long somewhere, shifting the load too much 
to one server or the other; the dual PTR records are for those servers 
that will reject messages because the forward and reverse entries 
differ. Be aware that DNS round-robin will only roughly divide the load 
in half, so at times you may see the load higher on one machine than the 
other.

I would suggest that, as closely as feasible, the machines have the
same versions of the software (A/V scanner, SA, MD, perl, modules,
etc.). I would also suggest, if you are not doing so already, that
you look at the option of using either a SQL database or LDAP datastore
for maintaining user-level preferences, white/black lists, etc., as this
will make it much easier for you to maintain than having to go between
multiple servers and remember to make changes everywhere.

There may be some details I have missed in our systems' configuration,
but I hope that at least helps confirm what you were looking for. Good luck.

-Albert C.
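The zone sketch above relies on two properties that are easy to get wrong when a second host is added: every address the common name resolves to must reverse-map back to a name that forward-resolves to that same address (forward-confirmed reverse DNS), and, for the stricter receivers Albert mentions, the common name itself must be among the PTR names for each address. The following script is an added example, not part of the original post or of MIMEDefang; it builds an in-memory copy of the records shown (with the placeholder x.x.x replaced by the documentation prefix 192.0.2.0/24, an assumption) and audits the MX target the way a receiving MTA would, then shows what breaks when the common-name PTR records are omitted. The `strict` check models a receiver that compares the PTR name to the name the host is known by (its MX name); that policy is an assumption about such receivers, not something the post specifies.

```python
"""Audit forward/reverse consistency of a round-robin MX target.

Constructed example records mirroring the zone sketch in the post.
The 192.0.2.0/24 prefix stands in for the post's x.x.x (assumption).
"""
from collections import defaultdict

# (owner, ttl, type, rdata) -- constructed, not a real zone
RECORDS = [
    ("spam1a.example.com.", 3600, "A", "192.0.2.36"),
    ("spam1b.example.com.", 3600, "A", "192.0.2.38"),
    ("spam1.example.com.", 300, "A", "192.0.2.36"),
    ("spam1.example.com.", 300, "A", "192.0.2.38"),
    ("36.2.0.192.in-addr.arpa.", 3600, "PTR", "spam1a.example.com."),
    ("38.2.0.192.in-addr.arpa.", 3600, "PTR", "spam1b.example.com."),
    ("36.2.0.192.in-addr.arpa.", 300, "PTR", "spam1.example.com."),
    ("38.2.0.192.in-addr.arpa.", 300, "PTR", "spam1.example.com."),
    ("example2.com.", 3600, "MX", "20 spam1.example.com."),
]


def index(records):
    """Map (owner, type) -> list of rdata, case-insensitive on owner."""
    idx = defaultdict(list)
    for owner, _ttl, rtype, rdata in records:
        idx[(owner.lower(), rtype)].append(rdata)
    return idx


def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def fcrdns(idx, ip):
    """PTR names for ip whose own A records contain ip (forward-confirmed)."""
    return [n for n in idx[(reverse_name(ip), "PTR")]
            if ip in idx[(n.lower(), "A")]]


def strict_match(idx, ip, presented_name):
    """Stricter receiver policy (assumed): the name the host is known by
    must itself be a forward-confirmed PTR name for ip."""
    return presented_name.lower() in [n.lower() for n in fcrdns(idx, ip)]


def audit_mx(records, domain):
    """For each address behind each MX of domain, report both checks."""
    idx = index(records)
    report = {}
    for rdata in idx[(domain.lower(), "MX")]:
        _pref, target = rdata.split()
        for ip in idx[(target.lower(), "A")]:
            report[ip] = {
                "fcrdns": bool(fcrdns(idx, ip)),
                "strict": strict_match(idx, ip, target),
                "ptr": list(idx[(reverse_name(ip), "PTR")]),
            }
    return report


def without_common_ptr(records):
    """The same zone with the common-name PTR records left out."""
    return [r for r in records
            if not (r[2] == "PTR" and r[3] == "spam1.example.com.")]


def round_robin(idx, name, rtype, start=0):
    """Answer list rotated as a round-robin resolver hands it out."""
    answers = idx[(name.lower(), rtype)]
    k = start % len(answers)
    return answers[k:] + answers[:k]


if __name__ == "__main__":
    for label, zone in (("full zone", RECORDS),
                        ("without common PTR", without_common_ptr(RECORDS))):
        print(label)
        for ip, r in audit_mx(zone, "example2.com.").items():
            print(f"  {ip}: fcrdns={r['fcrdns']} strict={r['strict']} ptr={r['ptr']}")
    idx = index(RECORDS)
    for i in range(3):
        print("query", i, round_robin(idx, "spam1.example.com.", "A", i))
```

With only the per-host PTR records, both addresses still pass the forward-confirmed check (spam1a resolves back to .36), so a receiver applying only that test would accept either host; the strict comparison against the MX name fails, which is the case the second pair of PTR records covers. The `round_robin` helper just rotates the answer set, which is all round-robin DNS does; it is why the split is only roughly even and why the short TTL matters once a caching resolver sits in front of the senders.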
