Load balancing Dovecot, Postfix, SpamAssassin and ClamAV

Hi,

I would like to load balance my e-mail servers to multiple machines (3 total clients right now). I already have a load balancer set up that communicates with my 3 Web nodes via the private network, with a public-facing static IP address. Virtualmin is installed on Web node 1, with Postfix, Dovecot, SpamAssassin, and ClamScan. I also have an LDAP server running that Postfix/Dovecot/Virtualmin connects to for user management, this is outside of my 3 Web nodes.

What do I need to do / what considerations need to be made in order to get Postfix, Dovecot, SpamAssassin, and ClamScan working on all three nodes load balancing my e-mail? Each node is configured as an LDAP client, and each also has a mounted GlusterFS volume of /home to share user directories. Is it enough to copy the config folders /etc/dovecot and /etc/postfix? What about SpamAssassin and ClamScan, where are their files stored?

Thanks, -Logan

Status: 
Active

Comments

Howdy -- I'll offer that we have never attempted load balancing email before. I'd normally say that there isn't a simple way to accomplish that, though if you're familiar with setting up load balanced services it might be possible to get that to work. But I'm also not sure if that would function properly or not.

While that's unfortunately not something we'll be able to officially support, we'll gladly help answer your questions in the hopes of getting that to work for you.

The config files for ClamAV on CentOS 7 are stored in /etc/clamd.conf, and the directory /etc/clamd.d/.

The config files for SpamAssassin are /etc/mail/spamassassin/.

How much email are you receiving, out of curiosity?

I'll toss out a simpler alternative in case you're interested -- when email gets to a higher volume, what some folks do is put SpamAssassin and ClamAV on a remote server, so all that processing is occurring there rather than on a web server. We have instructions for setting that up here:

https://www.virtualmin.com/documentation/email/spam-av#toc-moving-spam-a...

Load balancing email is tricky, because it requires that all backend servers share the same user database and home directories and mail server configurations. This can be setup, but it isn't something that Virtualmin currently automates.

I already have LDAP set up (which takes care of user databases) and I have Gluster taking care of home directories. As far as configuration files I assume I can just copy those to each of the Web nodes? /home is already mounted on each and each node is already acting as an LDAP client.

The other config files you'd likely need are /etc/procmailrc and everything under /etc/webmin/virtual-server/procmail . Assuming you are using procmail for user email filtering and per-domain spamassassin rules?

I believe so, yes. I mean I'm using Virtualmin's default settings in that arena. Also how do I get SpamAssassin/ClamAV working on my other nodes, the ones not running Virtualmin? I'm using the clients for both, not the servers.

Would the setup described in the link in comment #1 above do what you need for getting SpamAssassin and ClamAV working on your other nodes?

Wow, I totally missed the first comment for some reason. I was thinking of putting SpamAssassin and ClamAV on their own servers, the thing is that I would rather not have to install Virtualmin GPL on the node just to get ClamAV over using the button in Virtualmin's E-mail Settings / Spam and Virus Filtering page. Is there an alternative way to set this up? The nodes on which I plan to install SpamAssassin and ClamAV also house the MariaDB cluster and Gluster services, as these nodes are more powerful than the Web nodes, but they also don't have public network access and are connected to the Web nodes via the private network as all nodes are in the same data center. Web min is already installed on these nodes though.

I honestly don't know the volume of e-mail being received at the moment; I just started working for a new company and am helping them migrate their existing infrastructure. They're an online marketing / social media / Web development firm with over 200 clients so I'd say they probably get a good amount of e-mail, especially because each client site gets over 500 page hits per month.

The instructions shared in the link above don't actually require Webmin or Virtualmin to be installed when setting up ClamAV or SpamAssassin on a remote server.

It's just a matter of installing the ClamAV and SpamAssassin services, and then configuring them to accept requests from your Virtualmin server(s).

Just to confirm, I was looking at https://www.virtualmin.com/documentation/email/spam-av and the section called "Setting up ClamD on a remote system". The first step suggests installing Virtualmin GPL on that system for an automatic setup, but it doesn't give manual setup instructions. Is there a way to do the setup without using Virtualmin GPL though?

Thanks, -Logan

That simplifies the process, since CentOS doesn't come ClamAV... installing Virtualmin first makes it so that you can pull down ClamAV from the Virtualmin repository,

However, that's not necessary. You can just manually grab the ClamAV packages for your particular distribution, install them, and then continue with the instructions.