How would people design a resilient mail server setup with Linux?
On an application level what the system needs to provide is both an incoming and outgoing mail service (i.e. SMTP & IMAP), along with filtering and archive storage (the archive part isn't critical yet, so we'll look at this later probably).
What is required on top of this is a resilient system, i.e. one which will handle individual server failures without interrupting service. As such I would term this a High Availability mail system. This is in contrast to a High Performance mail setup, as in our case the volume of mail being handled isn't the important factor, it's simply that it stays online.
Having not approached this problem before, the first thing I thought of was a clustered file system (gfs/gluster/etc), combined with heartbeat to failover a floating IP to another box in the case of a server failure.
Combined with postfix & dovecot does this sound feasible to people?
Alternatively, do your clustering at the IMAP/POP level, with the likes of Cyrus IMAP. I used its replication feature during a mail server migration and it worked perfectly. No messages were lost and which node they arrived on didn't matter.
SMTP part is quite simple I guess - both for filtering incoming traffic and providing outgoing service - they are quite stateless. So for those - usual master + hot standby setup based e.g. on heartbeat and a 'virtual ip' assigned to the active node would be just fine.
But... there is a risk of losing messages that are in transit [e.g. being checked by antispam or being queued up for outgoing delivery because of greylisting on the other side] when a given server dies.
For imap/access to mailboxes in a not-so-heavily-loaded system I would go again for a master + hot-standby configuration, but this time we need to add mailbox replication. Depending on size - a simple rsync run every 10 minutes could do the trick, but if we talk about thousands of mailboxes and thousands of messages in each - DRBD-based replication would perform better.
Usual word of warning: if you set up an HA cluster - do check it periodically - e.g. every quarter or so. Discovering that what you expect to be HA is not really HA when you need it is quite an unpleasant feeling.
For MTA I usually use postfix, for IMAP - courier, for antispam - ESVA [now seems to be dead, but people try to revive it; it got resurrected] or mailcleaner.
At my University, we use a combination of Cyrus IMAP and Postfix. Cyrus is replicated across 3 VMs. The HA cluster has pretty good performance and serves ~30,000 unique mailboxes.
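The answers above recommend a master + hot-standby pair behind a floating IP and warn that an HA setup must be exercised periodically. The following is an added example, not code from the thread or from Postfix/Dovecot/Cyrus: a small probe a cron job could run against the virtual IP to confirm that whichever node currently holds it really answers with a valid SMTP and IMAP greeting. The hostnames, ports and banner strings are constructed assumptions, and the local listener only stands in for a real mail daemon so the script can be run without one.

```python
# Added example: probe the floating IP's mail services and validate the
# greetings, so a failover that leaves the VIP up but the daemons down is
# caught by monitoring rather than by users.
import socket
import threading


def smtp_banner_ok(banner):
    """An SMTP server that is ready to serve answers '220 ...' (RFC 5321)."""
    return banner.startswith("220 ")


def imap_greeting_ok(banner):
    """An IMAP server that is ready to serve answers '* OK ...' (RFC 3501)."""
    return banner.startswith("* OK")


def probe(host, port, validator, timeout=5.0):
    """Connect, read the server greeting and validate it. Returns (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            banner = sock.recv(512).decode("ascii", "replace").strip()
    except OSError as exc:  # refused, timed out, no route: treat as failure
        return False, "%s:%d unreachable: %s" % (host, port, exc)
    return validator(banner), banner


def check_floating_ip(vip, ports=((25, smtp_banner_ok), (143, imap_greeting_ok))):
    """Probe every service expected behind the VIP; returns {port: (ok, detail)}."""
    return {port: probe(vip, port, validator) for port, validator in ports}


def all_healthy(results):
    return all(ok for ok, _ in results.values())


def serve_banner_once(banner):
    """Constructed stand-in for a daemon: accept one connection, send a banner, close."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port, returned to the caller
    listener.listen(1)

    def _serve():
        conn, _ = listener.accept()
        conn.sendall(banner.encode("ascii"))
        conn.close()
        listener.close()

    threading.Thread(target=_serve, daemon=True).start()
    return listener.getsockname()[1]


def self_test():
    """Run the probe against two constructed local listeners (no real MTA needed)."""
    smtp_port = serve_banner_once("220 mx.example.test ESMTP Postfix\r\n")
    imap_port = serve_banner_once("* OK Dovecot ready.\r\n")
    return check_floating_ip("127.0.0.1", ((smtp_port, smtp_banner_ok), (imap_port, imap_greeting_ok)))


if __name__ == "__main__":
    for port, (ok, detail) in sorted(self_test().items()):
        print("%s port %d: %s" % ("OK  " if ok else "FAIL", port, detail))
```

In production the script would be pointed at the real VIP with the default ports, and a non-zero exit on `not all_healthy(...)` would feed the usual alerting.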