[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Can we build a proper email cluster? (was: Re: Why is debian.org email so unreliable?)



On Thu, 14 Oct 2004 23:25, Henrique de Moraes Holschuh <hmh@debian.org> wrote:
> > The Debian email isn't that big.  We can do it all on a single machine
> > (including spamassasin etc) with capacity to spare.
>
> Or we can do it in two, with capacity to spare AND no downtime.

Increasing the number of machines increases the probability of one machine 
failing for any given time period.  Also it makes it more difficult to debug 
problems as you can't always be certain of which machine was involved.

> > One machine should be able to do it with AV and antispam.  Four
> > AV/antispam machines can handle the load for an ISP with almost 1,500,000
> > users, one should do for Debian.
>
> That depends on how much delay you want to have when processing mail. It'd
> be nice to know how many messages/minute @d.o and gluck receive, to stop
> guessing, though.

When four machines can do it for 1,500,000 users with no significant delay I 
am quite certain that one machine can provide all the performance you want 
for 1,000 users.

> > > But we really should have two of them (in
> > > different backbones), with the same priority as MX.
> >
> > Why?
>
> No downtime.  Easy maintenance.  Redundancy when we have network problems
> (these are rare, thank god).

Getting redundant network connections working properly takes a lot of effort 
and skill.  I've seen major ISPs screw this up in a big way.

KISS!

> > As long as the machine is fixed within four days of a problem we don't
> > need more than one.  Email can be delayed, it's something you have to get
> > used to.
>
> And while that email is being delayed, our work suffers, and there could
> even be security concerns as well.  Developer time IS an important
> resource, I don't think we should be wasting it because we don't want to
> have a second MX.  Would you set up a mail system for any ISP (including
> small, 1000-user ones) with only one MX?

Yes.  For big ISPs the one MX record would point to multiple servers behind a 
Cisco LocalDirector or similar device.

> > We don't need high-end hardware.  Debian's email requirements are nothing
> > compared to any serious ISP.
>
> True.  But we don't need cheap-ass, will-break hardware either.  Debian's
> admin requirements are different. The less on-site intervention needed, the
> better.

There's nothing cheap-ass about a second-hand 2U server with a 2.8GHz P4 CPU 
and 1G of RAM.

> So do I.  And I can tell you that I experienced a lot of improvement when
> big mass-delivery mail hits, on the order of _minutes_ (thousands of
> recipients, every one of them causes postfix to generate a minimum of 4
> LDAP searches, due to the way the LDAP maps were required to be deployed),
> and the way postfix map lookup happens.  Moving that to a hash DB sped
> things up considerably.

What type of hardware and software were you using for LDAP?

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



Reply to: