Wietse Venema:
> Willy Janssen:
> > Let me explain my current setup.
> >
> > Our current Postfix setup for outgoing e-mail uses three different
> > entries for different types of e-mail from our university. This is
> > accomplished by three different names, e.g. smtp1.example.com,
> > smtp2.example.com and smtp3.example.com, pointing to three different
> > ip-addresses. Every ip-address is load-balanced to two different
> > servers. Per server there are three different ip-addresses, all listening
> > on port 25. Obviously every instance has its own Postfix configuration.
> > No rocket science so far; this has worked for years, and very well.
> >
> > In the new setup, our networking department wants to get rid of the
> > three different ip-addresses per server. Instead they want to 'stack' all
> > the traffic coming from the load-balancer on one ip-address, but on
> > different ports, say 1025, 2025 and 3025. (Needless to say the three
> > different ip-addresses on the front-side of the load-balancer are being
> > continued.)
> >
> > Most likely this setup will work, but I'm not very happy with it. It's
> > more difficult to split logging and set-up of the host-based firewall
> > (if applicable) is more difficult. The configuration of Postfix will be
> > different from the current setup so it takes more time to adjust.
> >
> > However, all these items seem kind of 'cosmetic'. Therefore I would like
> > to know if there are more consequences of this setup. Is there a
> > technical reason which would prohibit this setup?
>
> The game breaker is that Postfix configuration assumes that MTA
> instances do not share IP addresses. For example, MX host lookup
> (MX loop elimination) and relay access control are based on IP
> addresses, not on TCP ports.

To clarify, MTAs can share IP addresses provided that they never try
to send mail to each other. This is where HTTP servers fundamentally
differ from mail servers: mail is store-and-forward, and therefore
requires loop elimination.

> Apart from that, you can run many Postfix instances on one box, and
> use syslog_name and syslog_facility to distinguish the logging of
> different Postfix instances.
>
> Wietse
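Added example, not part of the original thread and not Postfix source code: a simplified Python model of the two IP-keyed decisions named in the reply above (MX loop elimination and relay access control), run against a separate-address layout and a shared-address layout. All addresses, hostnames and function names are constructed for illustration.

```python
import ipaddress

def surviving_mx(own_addrs, mx_records):
    """Simplified model of IP-based MX loop elimination.

    Drops every MX that resolves to one of the sender's own addresses,
    plus all MX hosts with an equal or worse preference. Ports never
    enter the decision: an MX record has no port field.
    """
    own = {ipaddress.ip_address(a) for a in own_addrs}
    own_prefs = [pref for pref, _host, ip in mx_records
                 if ipaddress.ip_address(ip) in own]
    if not own_prefs:
        return sorted(mx_records)
    cutoff = min(own_prefs)
    return sorted(r for r in mx_records if r[0] < cutoff)

def relay_allowed(client_ip, trusted_networks):
    """Relay decision keyed on the client IP address alone."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n) for n in trusted_networks)

def mx_for(instance_b_ip):
    # Constructed MX set: instance B is primary, an outside host is backup.
    return [(10, "smtp2.example.com", instance_b_ip),
            (20, "backup.example.net", "198.51.100.5")]

# Layout 1 (constructed): instances A and B each have their own address.
SEPARATE = surviving_mx(["192.0.2.11"], mx_for("192.0.2.12"))
# Layout 2 (constructed): A (port 1025) and B (port 2025) share 192.0.2.10.
SHARED = surviving_mx(["192.0.2.10"], mx_for("192.0.2.10"))

if __name__ == "__main__":
    print("separate IPs, A may try:", SEPARATE)
    # An empty list means A sees itself as the best MX: a mail loop.
    print("shared IP, A may try:   ", SHARED)
    # B meant to trust only A, but every instance on the shared IP matches.
    print("any instance on shared IP relays via B:",
          relay_allowed("192.0.2.10", ["192.0.2.10/32"]))
```

In the shared layout instance A has no delivery candidates left for a domain whose primary MX is instance B, and B cannot tell A from any other instance on the same address when it applies an IP-based relay rule.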