28 Dec
2008
28 Dec
'08
6:35 p.m.
Andy Smith wrote:
The only thing I can think of is configuring each
clamav box to use
a different port range and mapping all those ports on the load
balancer to the correct boxes. That's really horrible. Anyone got
any better ideas?
I might be missing the point here a little bit, but is there any reason
why you're not load-balancing via SMTP? Perhaps I'm assuming that
everyone wanting ClamAV and/or SpamAssassin centrally is only going to
be scanning mail, but it seems to me like either offering an MX solution
or an SMTP server which accepts mail from the BitFolk network and
resends it whence it came post-scan would be easier to setup. This could
still be load-balanced via haproxy, but the internals of scanning then
would be inside boxes.
Otherwise I would think that you're down to writing your own
client/server or something. The limited port thing is relatively ugly,
and I would imagine it would be pretty easy for any given client to DoS
the server simply by not closing down connections properly and running
through the ports.
Cheers,
Alex.