amic range, I
cannot make the load balancer balance them either. I would need to
statically forward every single port in the ranges from the load
balancer to the back ends.
FWIW I am using haproxy as the load balancer, but as far as I am
aware there is no way to solve this problem in the balancer without
a load balancer that is programmable to inspect the TCP
conversation, learn for itself what the port is, and set up a
dynamic port forward. Something like F5 or ZXTM could do it easily,
if anyone wants to spend about =A330k on balancing clamav!
Cheers,
Andy
--=20
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
--8hDNj9fSINGAam3K
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFJV62BIJm2TL8VSQsRAsMBAKCll+CHF3BkFmGNOSagsCDqklOQyQCfYMW8
STQ5tMPT93c9Y18ncuFItPk=
=6hPw
-----END PGP SIGNATURE-----
--8hDNj9fSINGAam3K--
From home@??? Sun Dec 28 18:36:02 2008
Received: from barney.alcoholicsunanimous.com ([87.194.162.201])
by bitfolk.com with esmtps (TLS-1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.63) (envelope-from <home@???>) id 1LH0UU-0005wI-Mz
for users@???; Sun, 28 Dec 2008 18:36:02 +0000
Received: from barney.alcoholicsunanimous.com (127.0.0.1) by
barney.alcoholicsunanimous.com
with NMAP (bongosmtpc Agent); Sun, 28 Dec 2008 14:05:40 +0000
Received: from barney.alcoholicsunanimous.com (127.0.0.1) by
barney.alcoholicsunanimous.com
with NMAP (bongoqueue Agent); Sun, 28 Dec 2008 14:05:36 +0000
Received: from localhost.localdomain (192.168.178.102) by
barney.alcoholicsunanimous.com
with ESMTPA (bongosmtp Agent); Sun, 28 Dec 2008 14:05:36 +0000
Message-ID: <4957C6F5.8080409@???>
Date: Sun, 28 Dec 2008 18:35:33 +0000
From: Alex Hudson <home@???>
User-Agent: Thunderbird 2.0.0.18 (X11/20081119)
MIME-Version: 1.0
To: users <users@???>
References: <20081228041158.GU29527@???>
In-Reply-To: <20081228041158.GU29527@???>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanner: Scanned by ClamAV on bitfolk.com at Sun,
28 Dec 2008 18:35:54 +0000
X-SA-Exim-Connect-IP: 87.194.162.201
X-SA-Exim-Mail-From: home@???
X-Spam-ASN: AS35228 87.194.160.0/22
X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
admin.curacao.bitfolk.com
X-Spam-Level:
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham
version=3.2.3
X-Spam-Report: * -2.6 BAYES_00 BODY: Bayesian spam probability is 0 to 1%
* [score: 0.0000]
X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000)
X-SA-Exim-Scanned: Yes (on bitfolk.com)
Subject: Re: [bitfolk] centralised clamav - a sticking point
X-BeenThere: users@???
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
<mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
<mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2008 18:36:04 -0000
Andy Smith wrote:
> The only thing I can think of is configuring each clamav box to use
> a different port range and mapping all those ports on the load
> balancer to the correct boxes. That's really horrible. Anyone got
> any better ideas?
>
I might be missing the point here a little bit, but is there any reason
why you're not load-balancing via SMTP? Perhaps I'm assuming that
everyone wanting ClamAV and/or SpamAssassin centrally is only going to
be scanning mail, but it seems to me like either offering an MX solution
or an SMTP server which accepts mail from the BitFolk network and
resends it whence it came post-scan would be easier to setup. This could
still be load-balanced via haproxy, but the internals of scanning then
would be inside boxes.
Otherwise I would think that you're down t
