Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Wed Jan 02 2008 - 15:30:32 CST
On Wed, Jan 02, 2008 at 10:20:35PM +0100, Ralf Hildebrandt wrote:
> * Carlos Jim??nez <zuberoteleline.es>:
> > Hello, everybody:
> > I have two server with Postfix running as a Mail Gateway with antispam
> > filtering. These two computers are connected to a load balancer (hardware
> > appliance). Unfortunately, this device receives all SMTP traffic and
> > modifies IP value of the sender with its own (load balancer IP). We have
> > configured a filtering based on RBL???s, but it doesn???t work because this IP
> > address is a valid one.
> Lose the load balancer and use 2 MX hosts.
> Or replace the load balancer with something not quite as broken.
There are other reasons to expose multiple MX hosts rather than a single
load balancer IP:
- TLS session caching will work better with non-Postfix TLS clients
(Postfix clients usually work well even with a load balancer in the way).
- Messages that that temp-fail the first MX may be delivered directly
at a second MX host, but with both behind a load balancer, clients will
defer the mail for a re-try.
- If one of the two hosts behind the load balancer is overloaded
and mail transactions time out, Postfix clients may experience
bursts of errors and declare the site dead. With separate MX
hosts, this won't happen.
This said, it may be possible to configure the load balancer to use
XCLIENT. Works well with an F5 in front of some Postfix MSAs here.
The load balancer is authorized to send the XCLIENT command. With
Postfix 2.4 or later, this is available and safe (the right to use
XCLIENT is lost once the new IP identity becomes active).
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.