[Mimedefang] Re: MIMEDefang with round-robin DNS
Albert Croft
acroft at cyber-wizard.com
Mon Jun 6 16:23:55 EDT 2005
mimedefang-request at lists.roaringpenguin.com wrote:
>Date: Mon, 06 Jun 2005 12:45:56 +0300
>From: Fredrik Nyberg DC <nba at abo.fi>
>Subject: [Mimedefang] MIMEDefang with round-robin DNS
>To: mimedefang at lists.roaringpenguin.com
>Message-ID: <42A41B54.4070305 at abo.fi>
>Content-Type: text/plain; charset="utf-8"
>
>Hello!
>
>I'm thinking about running MIMEDefang via milter on two separate
>scanning hosts. I would be doing this with round-robin DNS. Does anyone
>know if it will work/not work?
>
>Thanks,
>Fredrik Nyberg
>
Fredrik:
Yes, it will. I already use a similar configuration where I work, the
basics of which are....
Machines:
real names: spam1a and spam1b
common name: spam1
DNS:
; For each filter machine, a real name
spam1a IN A x.x.x.36
spam1b IN A x.x.x.38
; A records for common pointing to each filter machine
spam1 300 IN A x.x.x.36
spam1 300 IN A x.x.x.38
; PTR records for each machine's real name
36.x.x.x.in-addr.arpa IN PTR spam1a.example.com.
38.x.x.x.in-addr.arpa IN PTR spam1b.example.com.
; PTR records for each machine's IP referring to the common name
36.x.x.x.in-addr.arpa 300 IN PTR spam1.example.com.
38.x.x.x.in-addr.arpa 300 IN PTR spam1.example.com.
; For each domain example2.com that is being sent thru the filter...
example2.com. IN MX 20 spam1.example.com.
Final delivery locations for the filter machines are defined by IP
entries in the Sendmail mailertable. The TTLs on the A and PTR records
for the common entry are intended to reduce the possibility of the
entries being cached for very long somewhere, shifting the load too much
to one server or the other; the dual PTR records are for those servers
that will reject messages because the forward and reverse entries
differ. Be aware that DNS round-robin will only roughly divide the load
in half, so at times you may see the load higher on one machine than the
other.
I would suggest that, as closely as feasible, the machines have the
same versions of the software (A/V scanner, SA, MD, perl, modules,
etc.). I would also suggest, if you are not doing so already, that
you look at the option of using either a SQL database or LDAP datastore
for maintaining user-level preferences, white/black lists, etc., as this
will make it much easier for you to maintain than having to go between
multiple servers and remember to make changes everywhere.
There may be some details I have missed in our systems' configuration,
but I hope that at least helps confirm what you were looking for. Good luck.
-Albert C.
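The following is an added example, not code from Albert's post or from the MIMEDefang project. It parses a zone fragment laid out like the one above, builds forward and reverse maps, and runs the two checks a receiving MTA might apply to the filter hosts: plain forward-confirmed reverse DNS, and the stricter comparison of the HELO name against the PTR that the dual PTR records are meant to satisfy. The zone data is constructed; the addresses use the RFC 5737 documentation range (192.0.2.0/24) as placeholders for the x.x.x.36 / x.x.x.38 in the post, and the names spam1, spam1a, spam1b and example2.com are taken from it.

```python
"""Parse a small zone fragment and check forward/reverse (FCrDNS) and
HELO-name consistency for a round-robin mail filter name.

Added example, not code from the mailing-list post. The zone below is
constructed; 192.0.2.x stands in for the x.x.x.36 / x.x.x.38 addresses.
"""
from collections import defaultdict

# Constructed zone fragment mirroring the records in the post.
ZONE = """
; real names
spam1a.example.com. IN A 192.0.2.36
spam1b.example.com. IN A 192.0.2.38
; common name, short TTL so caches re-resolve often
spam1.example.com. 300 IN A 192.0.2.36
spam1.example.com. 300 IN A 192.0.2.38
; PTR for each real name
36.2.0.192.in-addr.arpa. IN PTR spam1a.example.com.
38.2.0.192.in-addr.arpa. IN PTR spam1b.example.com.
; PTR for the common name as well
36.2.0.192.in-addr.arpa. 300 IN PTR spam1.example.com.
38.2.0.192.in-addr.arpa. 300 IN PTR spam1.example.com.
; domain routed through the filter
example2.com. IN MX 20 spam1.example.com.
"""


def ptr_name_to_ip(name):
    """'36.2.0.192.in-addr.arpa' -> '192.0.2.36' (IPv4 only)."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError(f"not a reverse name: {name}")
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets))


def parse_zone(text):
    """Return (forward, reverse, mx) maps from a zone fragment.

    Only the 'name [ttl] IN TYPE rdata' form used in the post is handled;
    comments start with ';'.
    """
    forward = defaultdict(set)   # name -> {ip}
    reverse = defaultdict(set)   # ip -> {name}
    mx = defaultdict(list)       # domain -> [(preference, host)]
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        name = fields[0].rstrip(".").lower()
        rest = fields[1:]
        if rest and rest[0].isdigit():      # optional TTL field
            rest = rest[1:]
        if len(rest) < 3 or rest[0].upper() != "IN":
            raise ValueError(f"unsupported record: {raw!r}")
        rtype, rdata = rest[1].upper(), rest[2:]
        if rtype == "A":
            forward[name].add(rdata[0])
        elif rtype == "PTR":
            reverse[ptr_name_to_ip(name)].add(rdata[0].rstrip(".").lower())
        elif rtype == "MX":
            mx[name].append((int(rdata[0]), rdata[1].rstrip(".").lower()))
        else:
            raise ValueError(f"unsupported type {rtype}")
    return forward, reverse, mx


def fcrdns_ok(ip, forward, reverse):
    """Forward-confirmed reverse DNS: some PTR target resolves back to ip."""
    return any(ip in forward.get(n, ()) for n in reverse.get(ip, ()))


def helo_consistent(ip, helo, forward, reverse):
    """Stricter check some receivers apply: the HELO name must be one of
    the IP's PTR targets and must itself resolve to the IP."""
    helo = helo.rstrip(".").lower()
    return helo in reverse.get(ip, ()) and ip in forward.get(helo, ())


def check_filter_hosts(common, forward, reverse):
    """For every A record of the common name, return (fcrdns, helo_ok)."""
    common = common.rstrip(".").lower()
    return {ip: (fcrdns_ok(ip, forward, reverse),
                 helo_consistent(ip, common, forward, reverse))
            for ip in sorted(forward.get(common, ()))}


if __name__ == "__main__":
    fwd, rev, mx = parse_zone(ZONE)
    for ip, (fc, he) in check_filter_hosts("spam1.example.com", fwd, rev).items():
        print(f"{ip}: fcrdns={fc} helo_matches_common_name={he}")
    # Same zone without the common-name PTRs: FCrDNS still passes, but a
    # receiver comparing HELO 'spam1.example.com' against the PTR does not.
    only_real = "\n".join(l for l in ZONE.splitlines() if "300 IN PTR" not in l)
    fwd2, rev2, _ = parse_zone(only_real)
    print(check_filter_hosts("spam1.example.com", fwd2, rev2))
```

Running the script prints both checks passing for each address with the dual PTR records in place, and then shows that dropping the common-name PTRs leaves FCrDNS intact while the HELO-versus-PTR comparison fails, which is the rejection case the post describes.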