[Mimedefang] What is the order of things that occur

[Steve Campbell]

Jan-Pieter,

Thanks and wow!

Quoting Jan-Pieter Cornet <johnpc at xs4all.nl>:

> On Tue, Jul 11, 2006 at 04:00:05PM -0400, Steve Campbell wrote:
> > >In the current internet, there isn't any point in having a secondary
> > >MX just for the purpose of fallback, if your primary server is mostly
> > >up.
> > 

The servers that I am running these on are pretty tough Dell servers (real
server class) with SCSI Raid and dual Power and all. Of course, I realize these
can break as easily at the XTs I run our web sites on. (smily thing here)
 
> No, the secondary would tempfail too, so you end up NOT accepting the
> email on the secondary. Try it.

I didn't know that and hadn't really tried it out. Good to know. If you have the
time, could you explain why? I thought the last relay was what held the retry
files. Shows how much I really need to learn.
> 
> The options are simple: fallback MX, as you described, is practically
> useless, especially in the "tempfail when primary is down" scenario.
> Legitimate senders will retry anyway, within a reasonable amount
> of time, and really crappy "legitimate" bulk senders won't retry
> even after a proper 4xx tempfail (like yahoogroups, or so I'm told).

This is the same thing I concluded after the long thread you mentioned in an
earlier post. I actually had the test gateway set up on another box and tested
out. I suggested to him that I should just leave it that way, but this was a
backup web server, and he didn't want to load it down. 

The thing is, the web servers are 4400 Dell servers, a little old, but redundant
everything and never get stressed. After putting MD on the two MX servers, the
load average has dropped to about 1.8, and the daily load average, including the
1.8 LA for about two hours to skew the daily average, was still over 4.5. So I
doubt these 4400s would have even noticed the new processes.
> 
> If you really want to build a redundant mail server, there is a lot
> more to it than just slapping a secondary MX in your DNS.

This really wasn't for redundancy, but mostly for getting rid of the
invalid-user dictionary email being sent through the secondary MX. Of course,
without a secondary MX for the domains, it probably wouldn't exist either. I was
hoping to be able to do the look-ahead/look-behind type scans with MD, but the
look-ahead will do for now.

> 
> You can either buy a box that's redundant all the way, for example
> one of the SUN or HP boxes - multiple CPUs, multiple powersupplies,
> built in RAID or connect it to a SAN.

A long time ago, before we were on the internet, I had two Sun/Solaris servers
for our ad-building production system. These were the big board servers, and had
cross-port Raid so that each disk write wrote to both 500 MB disk drives.
> 
> Or you buy (or build - with Linux and LVM and redundant PC style
> hardware - if you're feeling adventurous and cheap) an NFS device
> that has enough redundancy itself (at least RAID, preferably RAID 6),
> maybe with a SAN-backend, dual powersupply and the works.

We have a really nice SAN right now, but it's for our Novell server storage. It
was too expensive for us to buy a controller for my Linux servers, so I don't
have any space there. I'm testing one of those terrabyte units by Buffalo right
now to see how it holds up. So far so good, but it's mounted as an smbfs device
and times out a lot. Just for backups.

> 
> Then add a cluster (at least 2, 3 is better) identical machines
> that share the same configuration, and that mount the NFS device
> for storage. Add another cluster for IMAP or POP servers if you
> like (or simply add the IMAP/POP servers to the sendmail cluster
> if you don't have a high load).

I have used UltraMonkey stuff before for true device takeover using heartbeat.
It was also a long while back and they didn't have the ARP stuff then, so it
kept killing our PIX. 

> 
> That way, when a piece of hardware fails, the users don't notice
> anything (maybe some connection timeouts unless you also add some
> form of dynamic loadbalancing. DNS loadbalancing is good enough
> for a few incoming mail servers). And you don't need to rush
> to get the faulty hardware replaced.
> 
> Make sure you add redundant cross-connected routers, and most
> important: a redundant internet connection, or host the setup
> at a bigger colocate farm.
> 
> If you do all that, you're really making a difference, reliability
> wise. Now go calculate the required hardware and present your
> boss with a cost estimate, and preferably also estimate
> which components are most likely to fail (usually disks and
> internet connectivity), and as a result which cost savings
> would have the least impact on reliability.

Most of my servers were hand-me-downs from the Novell side, so I doubt if they
would spring for anything that costs money. I was going to buy milter-sender,
but they had to put the purchase off until later because of "budget
constraints". Thank goodness for Linux, as it seems to run quite well on the
older machines.

> 
> You'll find out that just adding a backup MX adds practically zero
> to your reliability :)

So thanks for all the ideas and info. Again, sorry to be such a bother about the
same problem. I have quite a bit on my plate at the time, and it seems I have to
rush everything.

Steve

> 
> -- 
> Jan-Pieter Cornet <johnpc at xs4all.nl>
>




-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/