[Maia-users] A complicated question

Fri Aug 3 13:23:49 PDT 2007

Pete Barnwell wrote:
> Kurt Buff wrote:
> > I'm going to be setting up a second box for anti-spam/AV in 
> another office,
> > and it will act as a secondary MX for our company - the 
> other office is in
> > another country.
> >
> > The big issue, as I see it, is that I want the same 
> protection that we have
> > with the main box, but I don't want users to have two web 
> sites to visit to
> > manage their spam.
> >
> > Is there a good way to approach this?
> >
> >   
> 
> Have them talk to the same database is one easy way of making 
> it work -
> problem there is the db is the single point of failure - we use drb to
> keep a (non-active) copy of the db at the remote location, so 
> if we lose
> the first site we can bring that up fairly quickly. It could be
> scripted, but we chose to do it manually. The pre-requisite 
> with this is
> good connectivity between your sites - we're fortunate enough to have
> redundant 10G-E between our two sites, but how much you require will
> depend on the amount of mail traffic you handle.
> 
> If it's really low volume you might be able to make master - master -
> master replication work in MySQL, but we found as soon as we 
> got above a
> couple of hundred emails/min the database replication kept 
> stopping, and
> requiring a lot of manual intervention to make it work again :( so we
> gave up on that. I think MySQL5 has features in that help avoid the
> conflicts we kept getting, but I haven't tried it yt.
> 
> Worth searching the list archives for this, since it's something that
> keeps coming up.

Yuck. 

We've got a T1, they've got a 2mb SDSL, and the path is pretty high latency,
across the Pacific. The inbound email load, at roughly less than 5
emails/minute, seems to be low. A complicating factor is that our T1 is
fairly saturated, with traffic to this office and another across the
Atlantic. Fortunately we've just gotten another T1, and are redirecting web
browsing out that one.

The reason for this is that we're trying to achieve better for the remote
office - over the past three years we've had at least that many outages
lasting longer than 24 hours between our offices, mostly due to the morons
who run the telecom infrastructure for the country, AFAICT.

Lastly - I'm not familiar with drb. Do you mean drdb? If so, I'm running
FreeBSD, which doesn't have this, though there might be some alternatives.

I wonder - just blueskying here: What if I set up postfix on each machine to
deliver emails only to the offices for which it's bound, before passing it
off to Maia. It would be a bit more complicated to set up, but is this even
possible? I'm running Postfix for the MTA. It would require a bit more
creative scripting to break out the users to get valid recipients, but that
shouldn't present too much of a problem.

Kurt