Viktor Dukhovni:
> On Sun, May 27, 2012 at 12:21:49PM +0200, DTNX Postmaster wrote:
>
> > Also, why would you need a proxy? Unlike HTTP, SMTP does not benefit
> > from front-end caching and the like. HTTP is a stateless, SMTP a
> > stateful protocol? It is easily made highly available, just based on
> > the MX records, and you can implement basic load balancing by having
> > several MX records with the same priority, IIRC.
>
> I concur. Postscreen is only needed in front of public MX hosts to
> reduce hogging of the SMTP service by ratware. On public MX hosts,
> you can use a proxy that sits in the network path between the
> outside world and the MX hosts, in which case the proxy will not
> rewrite the source IP and no XCLIENT is required.

This depends on the proxy.

- If it's a packet-level proxy then it just forwards unmodified
  packets that belong to the same session to the same back-end SMTP
  server.

- If it's a circuit-level proxy like nginx, then it needs to forward
  session info in-band, with XCLIENT or equivalent.

Circuit-level proxies can do a few things that are difficult with
packet-level proxies, such as sitting in a remote network, or that
are impossible such as off-loading TLS or AUTH.

[fan-out with four MX records and four a records per MX name]

> The above gets you 16 MX hosts with no load balancers required.
> You only need load balancers when you start to get to the size
> of Google, Hotmail, ... and they use DNS load-balancers, that
> return geo-proximate IPs for the MX host or any-cast IPs. There
> is likely a second layer of load-balancing below the DNS layer
> at that scale, but very few sites need either.

Some people don't understand the difference between browser-to-server
HTTP, and MTA-to-MTA SMTP.

	Wietse
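
Added example, not part of the thread and not code from Postfix or nginx: a sketch of the in-band hand-off a circuit-level proxy needs, with the proxy building an XCLIENT command for the real client and the back-end honouring it only when the TCP peer is an authorized proxy. The function names, networks and addresses are constructed for illustration; the attribute syntax (NAME, ADDR, the IPV6: prefix, [UNAVAILABLE], xtext encoding) follows the Postfix XCLIENT convention.

```python
import ipaddress


def xtext(value):
    """xtext encoding (RFC 3461): '+', '=' and bytes outside 33..126 become +HH."""
    return "".join(
        chr(b) if 33 <= b <= 126 and b not in (0x2B, 0x3D) else f"+{b:02X}"
        for b in value.encode("utf-8")
    )


def build_xclient(client_ip, client_name=None):
    """Proxy side: the command sent to the back-end before relaying the session."""
    ip = ipaddress.ip_address(client_ip)          # rejects malformed input
    addr = f"IPV6:{ip}" if ip.version == 6 else str(ip)
    name = xtext(client_name) if client_name else "[UNAVAILABLE]"
    return f"XCLIENT NAME={name} ADDR={addr}"


def effective_client(peer_ip, command, authorized_nets):
    """Back-end side: the address that access policy should be applied to."""
    peer = ipaddress.ip_address(peer_ip)
    trusted = any(peer in ipaddress.ip_network(n) for n in authorized_nets)
    if not trusted or not command.upper().startswith("XCLIENT "):
        return str(peer)                          # override ignored: peer is the client
    attrs = {}
    for token in command.split()[1:]:
        if "=" in token:
            key, val = token.split("=", 1)
            attrs[key.upper()] = val
    addr = attrs.get("ADDR", "")
    if addr.upper().startswith("IPV6:"):
        addr = addr[5:]
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return str(peer)                          # unusable ADDR: fall back to the peer


if __name__ == "__main__":
    cmd = build_xclient("203.0.113.7", "mail.example.org")   # constructed sample
    print(cmd)
    print(effective_client("10.0.0.5", cmd, ["10.0.0.0/24"]))      # from the proxy
    print(effective_client("198.51.100.9", cmd, ["10.0.0.0/24"]))  # from a stranger
```

A packet-level proxy needs none of this, because the back-end sees the original source address in the packets themselves.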