central amavis machine for in and outbound

Mark Martinec Mark.Martinec+amavis at ijs.si
Sat Nov 19 02:03:37 CET 2011


Tobias,

> Yeah, I thought of differentiating an in- and outbound server for
> troubleshooting purposes.
> My outbound traffic is really low, so I thought here of a virtual
> machine for the outbound machine, if a central amavisd makes sense.

It still makes sense to have separate mail paths for inbound
and outbound traffic, but they can both reside on the same host.
No need for virtualization. Not even a need for running two
postfix instances (although some may prefer it that way).

But do provide a separate mail submission entry. Either just a
dedicated standard mail submission port 587 -- or if you prefer
allowing mail submission from inside without authentication (SASL)
on port 25, this can still be made separate from inbound mail (MX)
by giving the host two IP addresses (IP alias), and running a
postfix smtpd service on each, restricting the MSA smtpd instance
to connections from inside only.

Regardless of having two IP addresses or not, do provide *separate*
service names (host names). Let your users configure their mailers
to submit mail to one (e.g. mail.example.com), and configure your
MX record to point to the other name (e.g. mx.example.com - this
name is of no concern to users). If you later decide to move services
around, there won't be any need to reconfigure MUAs.

Having separate paths simplifies assigning a different amavisd
policy bank on each. You may not need it immediately, but keeping
mail submission separate from inbound mail (MX) adds flexibility
for future growth to more complex setups.

> Well, now I'm going to plan with decentralized amavisd-new setup on 2
> machines for in- and outbound.

I agree with this plan for your needs.

  Mark
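
A configuration sketch of the layout described in the message above, added here as an example and not taken from the original post: one Postfix instance with separate MX and submission listeners, each feeding its own amavisd port so that a different policy bank can apply to each path. The 192.0.2.x addresses, the ports 10024/10025/10026, the transport name amavisfeed and the policy bank contents are assumptions.

```conf
# Postfix master.cf (added example; addresses, ports and names are assumptions)
# DNS assumed:  mx.example.com   -> 192.0.2.25  (target of the MX record)
#               mail.example.com -> 192.0.2.26  (name configured in MUAs)

# Inbound mail (MX) path, filtered through amavisd port 10024
192.0.2.25:smtp        inet  n  -  n  -  -  smtpd
  -o content_filter=amavisfeed:[127.0.0.1]:10024

# Mail submission (MSA) on port 587: authenticated clients only,
# filtered through amavisd port 10026
192.0.2.26:submission  inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=amavisfeed:[127.0.0.1]:10026

# Alternative MSA without SASL: port 25 on the second IP alias,
# restricted to inside clients listed in mynetworks
#192.0.2.26:smtp       inet  n  -  n  -  -  smtpd
#  -o smtpd_client_restrictions=permit_mynetworks,reject
#  -o content_filter=amavisfeed:[127.0.0.1]:10026

# Transport named in content_filter above (hypothetical name)
amavisfeed             unix  -  -  n  -  2  lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes

# Re-injection listener for mail coming back from amavisd:
# loopback only, and no second pass through the content filter
127.0.0.1:10025        inet  n  -  n  -  -  smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

# amavisd.conf counterpart (Perl, shown here as comments):
# the port a message arrives on selects the policy bank.
#   $inet_socket_port = [10024, 10026];
#   $interface_policy{'10026'} = 'ORIGINATING';
#   $policy_bank{'ORIGINATING'} = {
#     originating => 1,   # treat as locally submitted mail
#   };
```

Because MUAs only know mail.example.com and the MX record only names mx.example.com, either listener can later move to another host by changing DNS and the listener address, without touching client configuration.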

