A while back I described our old mail system's configuration. Now it's time to describe our current mail system's configuration ('current' as of April 2010, although it's been pretty stable for the past year or two).

Unlike our old mail system, we now trust NFS; we keep /var/mail on our fileservers, along with everything else important, and the mail machines that need to deal with it use NFS. This has significantly simplified things.

The current email system looks like this:

• mail from the outside world comes in to our MX gateway, where it is run through a spam checking process and then forwarded to our central mail machine.

• our central mail machine handles all aspects of email to local addresses; it delivers to /var/mail (and to people's 'oldmail', which keeps a copy of all email to them for the 14 days or so), expands user .forwards and local mailing lists, and so on. It normally delivers email directly to the outside world (using a variety of IP addresses); however, we found it necessary to forward spam-tagged email for the outside world to a separate machine for delivery.

  Users are now encouraged to have procmail and so on deliver directly to /var/mail instead of using the old special addresses that we used to use (although those addresses are still supported).

• the spam-forwarding machine accepts email from the central mail machine and sends it to the outside world.

There is still a separate mail submission machine for outgoing email (whether from user PCs or our servers). As before, it routes email for our domains to the central mail machine and otherwise sends email straight to the outside world.

There is a separate IMAP/POP server; it accesses everything over NFS, with user inboxes in the NFS-mounted /var/mail and user mail folders stored in their home directories. We have not had any problems with NFS locking between the IMAP server and the central mail machine.

That the MX gateway is separate from the central mail machine is an accident of history, but I think that it simplifies the mailer configuration for both of them. It also means that the system is more resilient in the face of NFS fileserver problems. Since the central mail server accesses /var/mail and user home directories, it is entirely dependent on all of our fileservers working; by contrast, the MX gateway is basically indifferent to NFS, since all it does with email is forward it to the central mail server.

(All of these machines have mirrored system disks, because they do have email sitting in their local spool areas while it's in the process of being delivered or shuffled around.)