-2

I would seek your expert guidance for this topic and your help would be really appreciated.

I want to set up a mail service in my org in such a way that it is highly available, and even if one of the servers goes down the other will keep on serving the traffic.

The scenario is like below:

The internal apps will connect to the internal mail servers (in HA, high availability), and then once the mails are received by the internal mail servers they will further relay them to external mail servers (they are within the org, but internet facing, again HA), then those servers will forward the mail according to recipient.

These servers will mainly be for relaying the mails outwards, and the from domain would be different to what these mail servers will be on. For example, the mail could be coming from helloworld.com, asdf.com, etc.; however, the servers are hosted on testing.com.

So is there any tried and tested HA setup available for this, which someone is already using?

internal apps --> "internal servers" --> "external relay servers" --> outside

The mails will be like below:

from: [email protected]

to: [email protected]

Their apps will just send the mails to us with relay settings. How can I set this up in HA?

The setup is being done on CentOS 9 with Postfix as the mail server software.

These servers are VMs on VMware, so in terms of hardware failure we are covered, as they migrate to another host. However, if a server gets restarted, or during patching when we need to take one out, the other server can keep the traffic running. They will be accepting mails from the internal network and then forwarding accordingly to the internet. They will not host any mailboxes as that would add complexity in terms of shared storage. Has anyone set up such a scenario at their end? How did you guys do it?

2
  • 1
    Does this answer your question? How to build a high availability Postfix system? As you can see, there is already a well-known existing question, IMHO, which means that you did no research, IMHO.
    – djdomi
    Commented Jun 5 at 5:28
  • Thanks for the reply! I did read the post and appreciate that it is well written. My scenario was a bit different as there are no mailboxes, and I also wanted to know how the members of this forum are running SMTP (Postfix) in their environment.
    – sunny_hkhk
    Commented Jun 6 at 10:15

1 Answer

2

(this is mostly comment, but space is limited in the comments box)

Even if I assume that English is not your first language, the way your post is presented you appear to have limited experience with technical architecture and SMTP. You're going to have a lot of issues setting this up and running it. You still have a lot of learning to do.

You also seem to have already made decisions about the architecture but provided no justification for this. Notably, why have you decided to use 2 tiers of relays?

I infer from your post that you may be talking about a large volume of emails - but you didn't say how much, nor did you say about where the emails were going. Getting good deliverability and IPR is not easy.

But to address only the question you asked - this is trivial. Just use haproxy to distribute the traffic. Ideally on the origin hosts. Use the mail submission port rather than generic SMTP port for the traffic. Do provision and require authentication from the start, even if you are on a network that is considered secure. Consider partitioning your email traffic into high quality/low quality streams using different public IPs at an early point.

3
  • Thanks for the reply!
    – sunny_hkhk
    Commented Jun 6 at 10:05
  • Thanks for the reply! Apologies if I didn't frame the question properly, I am new to the forum. About the 2 relay servers: one set of servers will be internet facing and the other two internal. The original plan was to make the internal servers host the local mailboxes, but the HA part for them is too complicated and not worth the effort. There will be more than 60k mails per day and this could increase in the near future. I just wanted to know how fellow admins are running SMTP (Postfix) in their environment.
    – sunny_hkhk
    Commented Jun 6 at 11:38
  • 1
    Hmmm, even less of a reason to have 2 tiers. But you might consider separating the incoming and outgoing SMTP services at the internet side.
    – symcbean
    Commented Jun 6 at 12:23
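
A sketch of the approach the answer describes (HAProxy on each origin host, balancing the submission port across two Postfix relays), added here as an example and not taken from the thread. The relay addresses (192.0.2.x documentation range), the names relay1/relay2, the EHLO hostname and the socket path are assumptions.

```haproxy
# /etc/haproxy/haproxy.cfg on each application (origin) host.
# Apps send mail to 127.0.0.1:587; HAProxy passes the TCP stream through
# to whichever relay is healthy. All names and addresses are placeholders.

global
    log /dev/log local0
    # Runtime socket, used to take a relay out of rotation before patching:
    #   echo "set server relay_submission/relay1 state maint" | \
    #       socat stdio /run/haproxy/admin.sock
    #   echo "set server relay_submission/relay1 state ready" | \
    #       socat stdio /run/haproxy/admin.sock
    stats socket /run/haproxy/admin.sock mode 660 level admin

defaults
    mode tcp                  # SMTP is not HTTP; plain TCP pass-through
    log global
    option tcplog
    timeout connect 5s
    timeout client  5m        # long enough for a normal SMTP dialogue
    timeout server  5m

frontend submission_in
    # Loopback only, so nothing else on the network can use this listener.
    bind 127.0.0.1:587
    default_backend relay_submission

backend relay_submission
    balance roundrobin
    # Health check: connect, read the banner, send EHLO, expect a 2xx reply.
    # A relay that is rebooting or has Postfix stopped fails the check and
    # is removed from rotation until it passes again.
    option smtpchk EHLO app01.testing.com
    default-server check inter 5s fall 3 rise 2
    server relay1 192.0.2.11:587
    server relay2 192.0.2.12:587
```

Because HAProxy only forwards TCP here, STARTTLS and SASL authentication are negotiated end to end between the application and Postfix, so the requirement to authenticate is enforced on the relays' submission service (for example with `smtpd_tls_security_level=encrypt` and `smtpd_sasl_auth_enable=yes`), not in this file.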
