I wasn't that specific in my original post, and for that I apologize. Our setup is configured like I mentioned, except for the fact that our primary mail server (the one with the vpopmail accounts) is configured as a backup MX in our DNS zones. This way, if our primary scanner goes down, mail is still delivered correctly.
However, having our primary mail server as a secondary MX in DNS opened up a few other problems... It seems that a lot of viruses and bulk mailer programs are written to deliver their nasty mail to all MX records for a domain, or simply deliver the mail to the backup MX servers. It looks like they realized what we are trying to do: get the scanning off of our primary mail server and onto a dumb machine that simply scans e-mails all day. The solution is pretty elegant really, but is not entirely scalable. With help from Bill, we figured out how to scan messages selectively based on where they were coming from.
Any messages being sent from our scanner machine are not scanned by our primary mail server, as, obviously, they have been scanned by the scanner machine. Now, if the primary mail server gets a message from somewhere else besides the scanner machine, we set QMAILQUEUE to qmailscanner and the message is scanned. We still benefit from improved performance, and do not have problems delivering mail to picky ISPs like AOL.
The downside to this system is that we need to keep spamassassin/clamav current on two machines, but we have noticed a good performance increase with this system, as 99% of all legitimate e-mails are sent to the MX record with the highest priority, which is our scanner machine.
Hope this helps,
Peter
Darrell Strong wrote:
Peter, I was reading your post from Shupp toaster page (see below) and was wondering how you resolved the AOL problem that is associated with having your gateway email server on your MX record and not your true email server.
I have my setup just like you mentioned below. It works great but I just realized that AOL is sending all incoming mail we are sending it to the AOL users' spam folder. Evidently AOL is assuming all incoming mail from my mailserver is spam because it is originating from my mail server, which is no longer at my MX record IP address. Therefore there is no reverse DNS record for it.
Outgoing mail goes out directly from my mailserver, bypassing the gateway. Did you have this problem? Should I route all outgoing mail back through the gateway? Any help you could provide would be appreciated. Thanks
" Jeff,
We had a similar problem, and our bottleneck was SpamAssassin and Clam Scanner. We ended up putting SpamAssassin and Clamd on a separate machine that simply scanned the incoming messages and passed them on to the primary mail machine that housed the vpopmail accounts, etc. All you need to do is install Bill's toaster on a second machine with Qmailscanner, SpamAssassin, etc., and then set up that machine to forward all mail to your primary box in /var/qmail/control/smtproutes
Works like a charm, just make sure DNS points to the scanning server in the MX route.
Peter"
Darrell Strong
Technology Coordinator
Haddon Heights Public Schools
(856) 547-0521
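
An added example, not part of the thread and not the posters' own configuration: a small audit of the primary server's rules that reports every source allowed to deliver mail without QMAILQUEUE set, other than the scanner machine. It assumes the per-source selection is done in a tcpserver rules file (tcp.smtp), which the thread does not state; the addresses and the qmail-scanner path are constructed sample values.

```python
import re

# Constructed sample of a tcpserver rules file (tcp.smtp) on the primary
# mail server. Addresses and the qmail-scanner path are assumptions.
SAMPLE_RULES = '''\
# scanner machine: its mail was already scanned there
192.0.2.10:allow
# a trusted range that was added without a scanner
198.51.100.:allow,RELAYCLIENT=""
203.0.113.7:deny
# everyone else, including senders that use the backup MX directly
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
'''

# Matches NAME="value" environment assignments on a rule line.
ENV_RE = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)="([^"]*)"')


def parse_rules(text):
    """Yield (address, action, env) for each non-comment rule line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        address, _, rest = line.partition(':')
        action = rest.split(',', 1)[0].strip()
        yield address, action, dict(ENV_RE.findall(rest))


def unscanned_sources(text, scanner_ip):
    """Return allowed addresses, other than the scanner, with no QMAILQUEUE."""
    findings = []
    for address, action, env in parse_rules(text):
        if action != 'allow' or address == scanner_ip:
            continue
        if not env.get('QMAILQUEUE'):
            # An empty address is the catch-all rule for all other hosts.
            findings.append(address or '(default)')
    return findings


if __name__ == '__main__':
    for addr in unscanned_sources(SAMPLE_RULES, '192.0.2.10'):
        print('mail accepted without scanning from', addr)
```

A finding for the catch-all rule means mail sent straight to the backup MX reaches mailboxes unscanned, which is the gap described in the reply above.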