I’m testing the protector in HA (master / client) configuration which is working.
We want to use redundant mail delivery to master and client with
MX record Pref 10 to master
MX record Pref 20 to client
This HA setup “works”, but the database synchronisation (and possible the mail itself on disk) is not bi-directional.
- Can you confirm this behavior and …
- is there a update in the pipeline so that we also can use the client to drop mail (and stay in sync)
1. This is confirmed. There is a main and a client and sync only occurs from the first to the second.
2. This is not in the roadmap. It would be hard to plan such a synchronization though, since some data should flow in one way and others in the opposite way. To forward mail to 2 different units, they don't have to be in sync.
- Then for “real HA” for mailscanner if “mail continuity” is the most impartant thing, then two seperate units (NOT in HA) is a better solution.
(with pref MX 10 en MX 20) connected both connected to a different ISP.
- The only thing missing is user sync (bidirectional) and blacklist/whitelist (bidirectional). The other settings are reasonable static and don’t change a lot.
- The reporting is coming from two units, so customer (if enabled) receives to quarantine reports. Shouldn’t be a problem.
For now a will redesign the HA setup and use the client protector only as a “standby hot spare” with a lot of manual work if a failover is needed.
(i.e. the old master must NOT overwrite the client database if the client is used as new master in a disaster situation)
And the new master (the previous client) must stay as master after the failover, otherwise you will lose data.
Thanks for the explanation of how the HA sync is build.
The Protector HA works in a Active-Passive clustering configuration. It is
not designed in Active-Active clustering, which is a configuration mostly
used for load balancing.
The passive server must be intended as a backup server, which takes over
when the active one fails. In order to configure it as main, though, some
configurations must be done outside the Protector (e.g. for email,
reconfiguring the MX record) or inside (change the Protector IP). In a
disaster situation, the passive (backup) server must be raised to master
(role Master in HA or HA off) and the old master, prior to being connected
again, must be configured as client in HA.