On 12/11/2010 13:52, Carlos Mennens wrote:
> I was just curious: is it common in enterprise environments for Linux
> administrators to combine their primary email server (Postfix) with
> their company's web server (Apache)? I'm just more curious than
> anything and I know this is a relative question with random possible
> answers but I was just wondering if hardware resources are not an
> issue, just from a software / configuration standpoint, is it likely
> to just have mail on a separate server and web on another or do most
> commonly configure and combine those two services to one Linux
> machine? Just trying to get an idea for what most / majority do when
> configuring their company's Postfix mail server.

Best practice would be to keep them separate, for a number of reasons.

Firstly, you don't want to lose both at once to a single system failure
- if your email is offline, then it's good to be able to post a message
on your website saying "we're currently having email problems, so please
be patient if you're expecting a reply", while if your website is down
it's good to be able to reply "we know" to all the people who email to
tell you :-)

Secondly, both websites and email servers are liable to performance
degradation as the result of external factors - either a DDoS attack or
a mail flood - and you don't want the performance of both to be affected
by a hit on one of them.

Also, web servers are inherently more vulnerable than mail servers, as
even good security and well-written software can be compromised by poor
scripting. So you don't really want anything on the web server except
material that is intended to be public-facing anyway (i.e., the website
data itself), so that if the worst happens you haven't exposed any
confidential data to hackers. The name "ACS:Law" will be meaningful to
most UK-based system administrators here; that was an almost textbook
example of the dangers of storing email data on the same system as the
public website.

Mark
--
http://mark.goodge.co.uk