[Mailman-Users] Mailman on separate web and smtp load balanced farms.
Brad Knowles
brad at stop.mail-abuse.org
Wed Dec 1 01:45:45 CET 2004
At 5:10 PM -0700 2004-11-30, Matt Ruzicka wrote:
> I was wondering if anyone is actually doing something remotely similar to
> this.
We did the same sorts of things when I was the Sr. Internet Mail
Administrator for AOL, and again when I was the Sr. Systems Architect
for Belgacom Skynet (the largest ISP in Belgium). Separate inbound
versus outbound mail server farms is typical for larger size
operations I've seen, and separate webserver farms is pretty much
required.
> The outgoing aspect seems like a non-issue in that it appears we can
> easily configure mailman to dump all mail over to the correct outgoing
> mail server. The issue that is confusing me is the separation of the web
> and the incoming mail.
For the mail stuff, I would recommend separating the mailing list
server from the mail servers. You could still put the mailing list
server "behind" the inbound mail server farm, but I'd run it as a
separate beast.
My preference would be to use a totally separate "hostname" for
the mailing list stuff that is generic and not specific to a given
product (e.g., lists.yourdomain.example.com as opposed to
mailman.otherdomain.example.org). This makes mail routing really
easy.
For the web stuff, I'd be inclined to run a seperate "hostname"
for the service, then do an Apache reverse proxy on the web server
farm, pulling the content from the Mailman machine.
> I have seen lots of talk about running mailman on two different servers,
> and I did see a few other people offer information that indicated they are
> using completely separate web and mail servers, but the threads always
> seem to move towards solutions that merge some aspect of web and mail onto
> one server.
That is the kind of solution that tends to work best for Mailman,
although due to careful programming that tries to avoid the typical
pitfalls you frequently see with NFS, you should be able to mount the
/usr/local/mailman filesystem from one machine to another.
That's assuming you actually trust NFS for anything.
> I'm assuming I will be installing the mailman files onto an NFS partition,
> which although there is a lot of legitimate concern, it sounds like the
> Mailman developers have worked hard to address this. Although I'm
> concerned the load balanced farms, in addition to the separate servers,
> might be too much for any NFS locking model as it relates to Mailman.
If at all possible, I would try to avoid using NFS just because I
know that I've run into weird problems with it every time I've had to
deal with it. This includes experience at both AOL and Skynet, as
well as plenty of other places.
> 1. How are people handling incoming mail to an SMTP server separate from
> the web server?
MX records direct the mail traffic somewhere else.
> 2. How, if at all, are people handling the above question on a load
> balanced incoming SMTP farm?
Load balanced? In what way? Are you trying to use DNS
round-robin load-balancing, or are you actually using a proper Layer
4 Load-Balancing Switch, such as a RadWARE, F5, Alteon, etc...?
If the latter, then the switch is pretty much transparent to the
process. I'd use what RadWARE calls "Direct Server Return", or what
some other vendors call "Server Triangulation", however.
This should limit the traffic that the switch has to actually do
something with down to just the SYN packets coming in to set up the
TCP connection, and from that point on it's just a matter of making
sure that the flows continue to go to the same MAC addresses.
> 3. Do people have any recommendations/warnings for running Mailman on a
> load balanced web farm?
See above. I don't have anything more specific.
> 4. Am I just over-complicating something (the install of Mailman) that
> doesn't need to be as complicated as I'm thinking (our architecture model
> aside. ;) )?
I believe so, yes. I'm a big fan of the K.I.S.S. principle, and
mail services in particular tend to benefit greatly from keeping
things simple.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the Mailman-Users
mailing list