Mail servers setup - HA

Question

I would seek your expert guidance for this topic and your help would be really appreciated.

I want to setup mail service in my org in such a way that they are highly available and even if one of the server goes down the other will keep on serving the traffic.

The scenario is like below:

the internal apps will connect to the internal mail servers (in HA high availability), and then once the mails are received by internal mail mail servers they will further relay it to external mail servers (they are withing org, but internet facing, again HA), then those servers will be forwarding the mail according to recipient.

these servers mainly be for relaying the mails outwards and the from domain would be different to what these mail servers will be on. For example, the mail could be coming from helloworld.com, asdf.com and etc, however, the servers are hosted on testing.com.

So any tried and tested HA setup available for this, which someone already be using it for?

internal apps --> "internal servers" --> "external relay servers" --> outside

The mails will be like below:

from: john@asdffff.com

to: tom@foo.org

Their apps will just send the mails to us with relay settings. How can I setup this in HA?

The setup is being done on centos9 with postfix as mail server software.

These servers are VM on vmware, so in terms of hardware failure we are covered, as they migrate to another host. However, if the server gets restarted or during patching we need to take one out the other server can keep the traffic running. They will be accepting mails from internal network and then forwarding accordingly to internet. They will not host any mailboxes as that would add complexity in terms of shared storage. Has anyone setup such scenario at their end? How you guys did it?

Answer 1

(this is mostly comment, but space is limited in the comments box)

Even if I assume that english is not your first language, the way your post is presented you appear to have limited experience with technical architecture and SMTP. You're going to have a lot of issues setting this up and running it. You still have a lot of learning to do.

You also seem to have already made decisions about the architecture but provided no justification for this. Notably, why have you decided to use 2 tiers of relays?

I infer from your post that you may be talking about a large volume of emails - but you didn't say how much, nor did you say about where the emails were going. Getting good deliverability and IPR is not easy.

But to address only the question you asked - this is trivial. Just use haproxy to distribute the traffic. Ideally on the origin hosts. Use the mail submission port rather than generic SMTP port for the traffic. Do provision and require authentication from the start, even if you are on a network that is considered secure. Consider partitioning your email traffic into high quality/low quality streams using different public IPs at an early point.