Hi All, I'm in need of a little help... I've got the basic idea of what I'm trying to achieve but am stuck with a few things, not knowing the right wording to be asking uncle google to find examples etc, so I'm hoping that someone can help with some pointers in the right direction. I don't expect spoon-fed answers, I'm happy to do the research myself, but I'm still just trying to clarify that what I'm actually looking for is even possible - things I've found so far seem much smaller scale and usually all-in-one server solutions.
My situation is this. We're an ISP, so we deal with a reasonable but not massive amount (current average around 200 messages/second but growing). Our current structure (fundamentally unchanged for the last 9+ years) is struggling under growing load, so I've started work on a replacement setup. The current plan is to set up a couple of NGINX proxies to act as a gateway for all our SMTP traffic (2 servers with VRRP for failover/redundancy - already running and working great). These will then pass messages on to a pool of Postfix servers, set up with greylisting/AV/etc. The pool of scanning servers can be increased to deal with periods of high demand, growth etc. For the peak demand situation, DNS doesn't cut it as propagation can't always occur fast enough, so proxy/load balance was decided on. NGINX will be set up to handle the SSL and SMTP-AUTH (eventually it will be used for a sharded POP3 mailbox server farm too - looking up the server a given user's mailbox is on based on credentials), and use XCLIENT to pass through the originating IP address for rules (NGINX handles XCLIENT inherently). Scanning boxes won't be accessible directly from the internet.

Where I'm stuck, and what might lead to having to rethink this structure, is this:

* XCLIENT passes through LOGIN for the SASL username rather than the original SMTP-AUTH credentials. Does Postfix take this username and assume it's authenticated, or does the fact that the original credentials aren't passed through remove the ability to apply 'permit_sasl_authenticated' rules?
* No mailboxes will live on these servers, they are scanning only; however I can populate a database with a list of mailboxes on our network and the servers to relay the message to for local delivery. Is 'transport_maps' the correct area to be looking at to manage this?
* Has anyone else tried/achieved this setup or something similar that has any pointers (or dire warnings of impending doom for that matter)?
Obviously we have 3 basic categories of mail source we need to deal with correctly:

* On-Net, can send email to anywhere on or off net
* Off-Net but SMTP-AUTH'd, can send email as if they were on-net
* And Off-Net general, that can only send email to users we host mail for. Being an open relay isn't fun for anyone that counts.

While these things aren't inherently difficult, the deployment model with gateway -> scanner -> mailbox server complicates things as the config needs to be integrated across multiple servers. Any suggestions including (constructive) criticism or debate as to my intended approach welcome. I don't claim to know everything and am happy to learn from others' experience.

Cheers,
Daniel
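As a worked illustration of the gateway -> scanner wiring described in the post (an added example, not the poster's configuration and not anything from the Postfix or NGINX projects), here is one way the two halves can be lined up. Every hostname, address range and file path is a constructed placeholder; the auth_http backend on the proxy, the policy daemon address and the mailbox server names are assumptions. It assumes the scanning nodes have SASL enabled so a session can carry authenticated state, and that the three source categories from the post map onto the usual permit_mynetworks / permit_sasl_authenticated / reject_unauth_destination ordering.

```conf
# ---- nginx.conf on the proxy pair (assumed layout) ----
mail {
    server_name  mx.example.net;             # constructed hostname
    auth_http    127.0.0.1:9000/auth;        # assumed backend: checks credentials (if any)
                                             # and returns Auth-Server/Auth-Port for a scanner
    xclient      on;                         # send XCLIENT ADDR/NAME/LOGIN/HELO to the backend

    server {
        listen      25;
        protocol    smtp;
        smtp_auth   login plain none;        # 'none' lets unauthenticated inbound mail through;
                                             # AUTH is terminated here, not at the scanner
        starttls    on;
        ssl_certificate     /etc/ssl/mx.pem; # constructed paths
        ssl_certificate_key /etc/ssl/mx.key;
    }
}

# ---- main.cf on each scanning Postfix node (not Internet-reachable) ----
smtpd_sasl_auth_enable = yes

# Only the two proxies may issue XCLIENT. Anything else that can reach port 25
# here must NOT be able to claim an arbitrary ADDR or LOGIN.
smtpd_authorized_xclient_hosts = 192.0.2.10, 192.0.2.11   # constructed proxy addresses

# On-net ranges. After XCLIENT ADDR, Postfix matches these against the
# original client address, not the proxy's. Keep the proxies themselves out of
# this list so a session that somehow arrives without XCLIENT is not treated
# as on-net.
mynetworks = 127.0.0.0/8, 203.0.113.0/24                  # constructed ranges

smtpd_recipient_restrictions =
    permit_mynetworks,                       # category 1: on-net, relay anywhere
    permit_sasl_authenticated,               # category 2: off-net but AUTH'd (XCLIENT LOGIN)
    reject_unauth_destination,               # category 3: everyone else, hosted domains only
    check_policy_service inet:127.0.0.1:10023 # assumed greylisting policy daemon

# Domains we accept for, and where to hand them off for local delivery.
relay_domains  = hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/transport

# ---- /etc/postfix/transport (run postmap on it) ----
example.net     smtp:[mbx1.internal.example.net]          # constructed mailbox servers
example.org     smtp:[mbx2.internal.example.net]
```

The line that matters most for the "open relay isn't fun" concern is smtpd_authorized_xclient_hosts: XCLIENT lets the sender of the command rewrite the client address and the login name that the restriction list is then evaluated against, so it should be accepted only from the proxies. The scanning nodes being unreachable from the Internet is the second layer of the same control, not a replacement for it. Where per-mailbox rather than per-domain routing is wanted, transport_maps can be pointed at a database lookup table in place of the hash file shown here; the relay_domains entry still has to cover every hosted domain or reject_unauth_destination will refuse the mail before the transport lookup is reached.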