Clustering MailScanner with CentOS and Piranha

So your SPAM load has outgrown your single server deployment? Don’t want to deal with multiple MX records? Clustering is your friend, and with CentOS and Piranha you can deploy it quickly and easily (not to mention for free) and scale your MailScanner to the sky.

Overview

It is important to note that the easiest way to scale your MailScanner deployment is through the use of MX records in a round-robin configuration. However, if you have more than four servers you may not get an even load balance over all nodes, because most resolvers only return the first 4 MX records. So the case for clusters becomes very simple. Keep in mind that you will need a server to function as a load balancer; nothing too fancy, and a single NIC will do. One of my deployments currently balances 2 million messages a day on a single-processor Pentium 4 with 512MB RAM, and load rarely goes over 0.01. Popular Barracuda load balancers are built on an even lower-profile system, so trust me, you can do this on a budget.

The theory is that you put a single “virtual server” in front of several MailScanner servers, and that virtual server distributes (load balances) the mail to the MailScanner “real servers”. For simplicity, this document uses direct-path, weighted round robin. We will also be using CentOS 5 as the base operating system, although Piranha and LVS are open source and easy to obtain.

Software Installation

Really simple, just install Piranha:

yum install piranha

Told you it was easy :)

Network Configuration

For the purpose of this demo we will have the following network configuration:

balancer   Load Balancer IP (10.0.0.1)
mail       Virtual Server (10.0.0.5)
ms1, ms2   MailScanner Servers (10.0.0.10, 10.0.0.20)

Remember that the “virtual server” is just a virtual IP address that you will be pointing your A/MX records to. This is the IP address that receives mail and distributes it to the target MailScanner “real” servers.

Load Balancer Configuration

After you have installed the Piranha package above, create the following file:

nano /etc/sysconfig/ha/lvs.cf

Place the following in it:

serial_no = 132
primary = 10.0.0.1
service = lvs
backup_active = 0
backup = 0.0.0.0
heartbeat = 1
heartbeat_port = 539
keepalive = 20
deadtime = 20
network = direct
debug_level = NONE
monitor_links = 0
virtual balancer {
   active = 1
   address = 10.0.0.5 eth0:1
   vip_nmask = 255.255.255.0
   port = 25
   use_regex = 0
   load_monitor = none
   scheduler = wrr
   protocol = tcp
   timeout = 20
   reentry = 30
   quiesce_server = 0
   server ms1 {
       address = 10.0.0.10
       active = 1
       weight = 1
   }
   server ms2 {
       address = 10.0.0.20
       active = 1
       weight = 1
   }
 }

Save the file.

Make sure that your /etc/sysctl.conf has the following line uncommented:

net.ipv4.ip_forward = 1

That’s all. Your load balancer is ready, time to start it:

/etc/init.d/pulse start

You can check on the status of the service and the current connection count by issuing the following command:

ipvsadm

To watch it live, run watch ipvsadm; it should provide hours and hours of entertainment.

MailScanner (Real Server) Configuration

Real server configuration does not require any modification to MailScanner at all. You just need to enable the direct-path behavior by adding a loopback alias that carries the virtual IP address.

nano /etc/sysconfig/network-scripts/ifcfg-lo:1

Place the following data in the file and save:

DEVICE=lo:1
IPADDR=10.0.0.5
NETMASK=255.255.255.255
ONBOOT=yes
NAME=loopback

Save the file and restart your networking (service network restart). Keep in mind that the subnet mask must be 255.255.255.255 regardless of what your network subnet is designated as.

Now it is time to edit sysctl.conf:

nano /etc/sysctl.conf

Add the following lines:

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.eth0.arp_announce = 2
net.ipv4.ip_forward = 1

Make sure that you have commented out the following line: #net.ipv4.ip_forward = 0

Save the file. Execute sysctl -p and you’re done. Move on and do the exact same thing on the second server.
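
A quick way to audit the two real-server files before putting a node into rotation, as an added example that is not part of the original page. If the ARP lines are missing, a real server answers ARP for 10.0.0.5 itself and mail can bypass the balancer. The function names and the sample files are constructed for illustration; eth0 and lo:1 are taken from the page.

```shell
# Added example: audit the files this page edits on an LVS direct-path real server.
# Assumes eth0 is the LAN interface and lo:1 carries the virtual IP, as on the page.

# Print the last uncommented value of key $2 in the key=value file $1.
conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*[#;]/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == k { v = val }
        END { print v }' "$1"
}

# Print a FAIL line and return 1 unless key $2 in file $1 has value $3.
require_value() {
    got=$(conf_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL $2: expected $3, found '${got:-unset}'"
    return 1
}

# $1=sysctl.conf  $2=ifcfg-lo:1  $3=virtual IP. Returns 0 only if all checks pass.
check_real_server() {
    rc=0
    for i in all eth0; do
        require_value "$1" "net.ipv4.conf.$i.arp_ignore" 1 || rc=1
        require_value "$1" "net.ipv4.conf.$i.arp_announce" 2 || rc=1
    done
    require_value "$2" DEVICE lo:1 || rc=1
    require_value "$2" IPADDR "$3" || rc=1
    require_value "$2" NETMASK 255.255.255.255 || rc=1   # host mask, not the LAN mask
    return $rc
}

# Constructed samples in directory $1: good.* follows the page; bad.* copies the
# LAN netmask and leaves out the arp_announce lines.
write_samples() {
    printf '%s\n' '#net.ipv4.ip_forward = 0' \
        'net.ipv4.conf.all.arp_ignore = 1' 'net.ipv4.conf.eth0.arp_ignore = 1' \
        'net.ipv4.conf.all.arp_announce = 2' 'net.ipv4.conf.eth0.arp_announce = 2' \
        > "$1/good.sysctl"
    printf '%s\n' 'net.ipv4.conf.all.arp_ignore = 1' 'net.ipv4.conf.eth0.arp_ignore = 1' > "$1/bad.sysctl"
    printf '%s\n' DEVICE=lo:1 IPADDR=10.0.0.5 NETMASK=255.255.255.255 > "$1/good.ifcfg"
    printf '%s\n' DEVICE=lo:1 IPADDR=10.0.0.5 NETMASK=255.255.255.0 > "$1/bad.ifcfg"
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_real_server "$tmp/good.sysctl" "$tmp/good.ifcfg" 10.0.0.5 && echo "good: OK"
check_real_server "$tmp/bad.sysctl" "$tmp/bad.ifcfg" 10.0.0.5 || echo "bad: fix the lines above"
rm -rf "$tmp"
```

On a real server, call check_real_server /etc/sysctl.conf /etc/sysconfig/network-scripts/ifcfg-lo:1 10.0.0.5 instead of the sample files.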

Does it work?

Telnet to 10.0.0.5 (from an external system, not the real servers) and you should get a connection on port 25. It should show one of the servers. Close the connection and reconnect. You should see the banner of the second server. Add servers as needed! Congratulations, you’re now a proud father of a clustered MailScanner deployment.

Additional Reading

Linux Virtual Server

Piranha @ Redhat

Linux.com article on Load Balancing

Conga


ToDo: Failover load balancer configuration for highly redundant MailScanner clusters

ToDo: Link to Piranha GUI


By Vlad Mazek

Email: vlad@vladville.com

Blog: http://www.vladville.com

 
documentation/clustering_mailscanner_with_centos_and_pirahna.txt · Last modified: 2008/02/28 23:51 by vladmazek
 