This page is out of date, please use our new website https://surgemail.com

Smart Router / Load balancing

When you use a Smart Router or Load Balancer incoming connections are distributed amongst your servers, this can cause WebMail options to fail with 'auto-login' errors. If you have this problem then the solution is either to upgrade to a newer version of SurgeMail and WebMail, to bypass the load balancer, or to add webmail_host settings to each domain affected (which is usually all of them).

If you are running webmail on the surgemail machines then you need to upgrade or add webmail_host. The setting required is:

webmail_host "127.0.0.1"

The reason for this is due to the way in which WebMail handles those options, they are actually supplied by the user.cgi handled internally by SurgeMail. WebMail passes the users authentication information to SurgeMail then redirects the user to it. The problem that occurs with a load balancer is that the connection from WebMail to the server via the load balancer will lilkely go to a different server than the one the user is later redirected to.

This is the case even when the load balancer is smart and sends connections from the same ip to the same place because WebMail's ip is not the same as the users ip. The solution is to stop WebMail connecting to SurgeMail via the load balancer but rather to connect to the server upon which it is hosted, the same server that the load balancer will direct the user to (assuming it has the same ip to same place feature enabled).

The setting webmail_host is required only on earlier versions of SurgeMail (3.1e-3 or earlier) because in these versions the domain A record name was being used as the address to connect to, this A record name is typically set to the external name/ip of the load balancer.

If you are running WebMail on a seperate machine to SurgeMail you cannot have it connect to SurgeMail via the load balancer, auto-logins will fail. The reason they will fail is that the webmail connections will come from the ip of that machine but the autologin request will come directly from the user, so the ip's will not match and it is unlikely that the load balancer will select the correct surgemail machine (the same one as webmail was using for that user).

To enable auto-logins to function in the above situation you have to bypass the load balancer. To do that configure webmail to connect directly to a single backend surgemail server and also configure the url section of the netwin_autologin_id settings such that they are complete urls directly to the same backend surgemail server bypassing the load balancer.