The services that run on the front-end nodes of the cluster are only the proxy services. All of these services can run on any number of systems without affecting the overall cluster availability. As long as one of the front-end nodes is still serving incoming requests, the cluster will be fully functional.
Because all front-end nodes are identical, you can add or remove nodes at will. The more front-end nodes your cluster has, the more requests can be processed at the same time. It is important to have enough front-end nodes to keep up with the number of requests, especially during peak activity times.
The following services provide proxy abilities within Axigen:
- SMTP Proxy routes and authenticates incoming SMTP sessions. This service is vital for mail delivery within the cluster.
- IMAP Proxy routes and authenticates IMAP sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the IMAP protocol.
- POP3 Proxy routes and authenticates POP3 sessions. This service allows users to retrieve their messages from their back-end account through the proxy using the POP3 protocol.
- WebMail Proxy routes and authenticates WebMail access requests. This service also renders the web pages requested by the web browser, using the information retrieved from the back-end server holding the user account.
The SMTP Proxy
When configuring the Axigen cluster, the SMTP service can be set up in one of two states. In its default state the protocol runs as a 'local' service, meaning it will try to deliver messages locally if the destination of an email is a domain defined in the Axigen configuration. The second state, which can be enabled and disabled as required, is the 'routing' state.
If the SMTP service is set up to route connections, it will use its assigned user map to decide where an incoming connection must be forwarded. This action will only be taken for entries found in the user map. If the destination is not present in the mapping system and no result is returned, then the service will relay the message and normal SMTP policy rules will apply.
Because the SMTP service can only be reached from the outside while using the standard port 25, the proxy service should run on this port. Using another port for the proxy setup can render the cluster useless.
An open relay among the front-end nodes is very hard to spot and can cause many problems with spam and blacklists. Special care is recommended while setting up SMTP proxies to prevent such issues.
The SMTP proxy uses the same authentication method as all of the other services that run on that particular node. This is why, in the event that LDAP authentication is used, the same connector will be used for all services.
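One way to check each front-end node for the open-relay condition described above, as an added example that is not part of the Axigen documentation or tooling. The node addresses and the two probe domains are constructed placeholders; the probe domains are assumed to be domains the cluster does not host.

```python
import smtplib

# Assumed placeholders: two domains that are NOT hosted on the cluster.
PROBE_FROM = "relay-audit@outside-sender.example"
PROBE_RCPT = "relay-audit@outside-recipient.example"


def probe_node(host, port=25, smtp_cls=smtplib.SMTP, timeout=10):
    """Classify one front-end node: 'relay-refused', 'OPEN-RELAY' or 'unreachable'.

    Only the envelope is exchanged (MAIL FROM / RCPT TO, then RSET);
    no DATA command is sent, so no message is ever queued.
    """
    try:
        with smtp_cls(host, port, local_hostname="relay-audit.example",
                      timeout=timeout) as smtp:
            smtp.ehlo_or_helo_if_needed()
            code, _ = smtp.mail(PROBE_FROM)
            if code != 250:
                return "relay-refused"  # sender rejected before RCPT
            code, _ = smtp.rcpt(PROBE_RCPT)
            smtp.rset()  # abandon the transaction
            # 250/251 for an external recipient, without AUTH, means the
            # node would relay for anyone.
            return "OPEN-RELAY" if code in (250, 251) else "relay-refused"
    except (OSError, smtplib.SMTPException):
        return "unreachable"


def audit_front_ends(nodes, **kwargs):
    """Probe every node directly; a shared balancer address can hide one bad node."""
    return {node: probe_node(node, **kwargs) for node in nodes}


if __name__ == "__main__":
    # Constructed addresses; replace with the real front-end node addresses.
    nodes = ["192.0.2.11", "192.0.2.12"]
    for node, verdict in audit_front_ends(nodes, timeout=3).items():
        print(node, verdict)
```

Run the check from a host that is outside any address range the SMTP policy trusts for relaying, otherwise an accepted recipient only reflects that trust.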
The IMAP and POP3 Proxies
Both of these services provide similar functions within the cluster and from a configuration standpoint, they are identical. They both use the same authentication method, internal or LDAP, and in the second situation, they use the same connector. In a similar way, the same user map is used for the routing section of these services.
The only notable difference between configurations of these services is the failover address and port used. The failover address is used in case a match is not found in the user map. As these services use different ports and different protocols, an IP-port pair can be specified as failover for each individual service.
Both IMAP and POP3 proxy services can run on the same system as the IMAP and POP3 services, forwarding requests to the same system or another system when required. This helps with the design of single tier clusters that have neither stand-alone front-end nodes, nor load balancers.
The WebMail Proxy
The WebMail proxy replaces the standard WebMail interface available on an individual Axigen server. The public area of the interface and the main login page are identical to the normal WebMail interface, but the session information displayed after the login procedure has been completed is preloaded from the back-end nodes.
User maps are used to provide routing information to the proxy services running on a cluster node. More than one user map can be defined and each can be configured separately.
A user map can have one of the three following types:
- Local File - Uses a specified path to load a local file containing the routing information.
- LDAP Password - Connects to an LDAP server using one of the defined connectors.
- LDAP Bind - Uses bound connections to an LDAP server requiring authentication such as an Active Directory tree.
Once the type of the mapping is set, the configuration details must be completed. For the local file mapping to work, a local file with mapping information must exist. This file must have the correct permissions set for Axigen to access it and retrieve the information.
With the LDAP mapping type, an LDAP connector must be selected from the list of defined connectors. If no connector has been defined, a new one must be set up so Axigen can retrieve the mapping information from the LDAP server.
Each user map can use one LDAP connector at a time. Therefore, only one base DN and only one search pattern can be set to retrieve the information from the directory. When defining the LDAP connector, take care to use a search pattern that returns all defined user entries, so that they can all access the system. If the pattern cannot match all entries, the excluded ones will never be matched by the mapping system, even if they are defined in the LDAP directory.