Hi all, I'm trying to configure a layout with 2 mbox servers, 2 LDAP, and 2 MTA servers. All of them reside behind an L4 infrastructure.

Q1) Does it make sense to put the proxy servers on the mbox machines or on the MTAs?

Q2) Is there anything short of an internal DNS server that can fix the Postfix DNS issues, and if I need to put one up, what configuration do I need to have for each host? From the outside world I want everything to point to one VIP, but from the inside which machines need to be MXs? I assume the MTAs, but do all of them need to be MX'ed to themselves?

Q3) So far I can get all the machines to talk to each other except for the mail issue (see Q2) and the fact that zmprov fails on the MTA machines. For some reason running zmprov on the MTA results in:

ERROR: zclient.IO_ERROR (invoke Connection refused, server: localhost) (cause: java.net.ConnectException Connection refused)

What can be the cause of this?

Q4) During the installations the mbox machines ask for an MTA to use, and the MTA machines ask for a mbox to use for authentication. Can this be a one-to-many setting which allows the mbox machines to use all the MTAs and the MTAs to use all the mboxes, to avoid secondary issues if a machine goes down?

Q5) How do you solve the http->https redirect issue using the proxy? The proxy can't handle the mixed or redirect modes, but what I would like is to be able to mimic the redirect mode.

Thank you.