RE: RBL in Postfix with Load Balancing

From: Carlos Jiménez (zuberoteleline.es)
Date: Wed Jan 02 2008 - 17:12:44 CST


> -----Original Message-----
> From: owner-postfix-userspostfix.org [mailto:owner-postfix-userspostfix.org] On Behalf Of Victor Duchovni
> Sent: Wednesday, January 02, 2008 10:31 PM
> To: postfix-userspostfix.org
> Subject: Re: RBL in Postfix with Load Balancing
>
> On Wed, Jan 02, 2008 at 10:20:35PM +0100, Ralf Hildebrandt wrote:
>
> > * Carlos Jiménez <zuberoteleline.es>:
> > > Hello, everybody:
> > >
> > >
> > >
> > > I have two servers with Postfix running as a Mail Gateway with antispam
> > > filtering. These two computers are connected to a load balancer (hardware
> > > appliance). Unfortunately, this device receives all SMTP traffic and
> > > modifies IP value of the sender with its own (load balancer IP). We have
> > > configured a filtering based on RBL's, but it doesn't work because this IP
> > > address is a valid one.
> >
> > Lose the load balancer and use 2 MX hosts.
> > Or replace the load balancer with something not quite as broken.
> >
>
> There are other reasons to expose multiple MX hosts rather than a single
> load balancer IP:
>
> - TLS session caching will work better with non-Postfix TLS clients
> (Postfix clients usually work well even with a load balancer in the
> way).
>
> - Messages that temp-fail the first MX may be delivered directly
> at a second MX host, but with both behind a load balancer, clients will
> defer the mail for a re-try.
>
> - If one of the two hosts behind the load balancer is overloaded
> and mail transactions time out, Postfix clients may experience
> bursts of errors and declare the site dead. With separate MX
> hosts, this won't happen.
>
> This said, it may be possible to configure the load balancer to use
> XCLIENT. Works well with an F5 in front of some Postfix MSAs here.
> The load balancer is authorized to send the XCLIENT command. With
> Postfix 2.4 or later, this is available and safe (the right to use
> XCLIENT is lost once the new IP identity becomes active).
>
> --
> Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.

Thank you for your help.
However, I don't understand the last part:

> This said, it may be possible to configure the load balancer to use
> XCLIENT. Works well with an F5 in front of some Postfix MSAs here.
> The load balancer is authorized to send the XCLIENT command. With
> Postfix 2.4 or later, this is available and safe (the right to use
> XCLIENT is lost once the new IP identity becomes active).

We are using a Cisco CSS and Postfix v2.2.
Do you mean that the load balancer should not use the XCLIENT command, in order
not to change the original e-mail sender IP? Or maybe the sender should use the
XCLIENT command?
I looked for it in http://www.postfix.org/XCLIENT_README.html but I don't
understand how it affects this scenario.

Thank you.

Carlos.
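
Added example, not part of the original message or of Postfix itself: a toy Python model of the exchange Viktor describes, showing why the RBL check sees only the balancer's address under NAT, and how an authorized XCLIENT ADDR= override restores the sender's address and then forfeits the right to send XCLIENT again. The addresses, the zone dnsbl.example, the listing and the Session class are constructed for illustration; AUTHORIZED_XCLIENT_HOSTS stands in for Postfix's smtpd_authorized_xclient_hosts setting, and only IPv4 ADDR values are handled.

```python
# Added illustration: a toy model of the gateway's view, not Postfix source code.
import ipaddress

LB_ADDR = "192.0.2.10"                    # assumed load balancer address
AUTHORIZED_XCLIENT_HOSTS = {LB_ADDR}      # models smtpd_authorized_xclient_hosts
DNSBL_ZONE = "dnsbl.example"              # constructed zone name
LISTED = {"7.113.0.203.dnsbl.example"}    # constructed listing for 203.0.113.7


def dnsbl_query_name(addr, zone=DNSBL_ZONE):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    ip = ipaddress.IPv4Address(addr)
    return ".".join(reversed(str(ip).split("."))) + "." + zone


class Session:
    """One inbound SMTP connection as the mail gateway sees it."""

    def __init__(self, peer_addr):
        self.client_addr = peer_addr      # TCP peer: the balancer when it rewrites IPs

    def xclient(self, line):
        """Handle 'XCLIENT ADDR=a.b.c.d' and return the SMTP reply code."""
        if self.client_addr not in AUTHORIZED_XCLIENT_HOSTS:
            return 550                    # insufficient authorization
        attrs = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
        try:
            new_addr = str(ipaddress.IPv4Address(attrs["ADDR"]))
        except (KeyError, ValueError):
            return 501                    # bad parameter syntax
        # The overridden address is now the session identity. It is not in the
        # authorized set, so a second XCLIENT on this session is refused.
        self.client_addr = new_addr
        return 220                        # server greets again, as on a new connection

    def rbl_rejects(self):
        """True if the address the gateway believes is the client is listed."""
        return dnsbl_query_name(self.client_addr) in LISTED


def run(peer, commands):
    """Replay commands on a new session; return (reply codes, RBL verdict)."""
    s = Session(peer)
    return [s.xclient(c) for c in commands], s.rbl_rejects()


if __name__ == "__main__":
    print(run(LB_ADDR, []))                              # address rewriting only
    print(run(LB_ADDR, ["XCLIENT ADDR=203.0.113.7"]))    # balancer forwards the IP
```

In this model it is the balancer, not the original sender, that issues XCLIENT on each connection it relays.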