exim secondary mx setup

Discussion in 'E-mail Discussions' started by Mauritz, Jul 15, 2015.

  1. Mauritz

    Mauritz Active Member

    I want to set up a secondary mx exim (mx2.example.com) server which needs to accept mail in the event where our primary cpanel server is down, and forward all that mail to the server once back up.

    Here are the steps I have taken to accomplish the above:

    1) I have the secondary server ready, the hostname and reverse dns has been setup etc. The server is also running exim which is receiving emails.
    2) I have added mx2.example.com at a higher priority than the default server to test on one of our domains. 0 mx2.example.com 10 domain.com
    3) I have copied /etc/localdomains to /etc/remotedomains and /etc/secondarymx from our cpanel server to mx2 using rsync.

    When I attempt to send an email to the test account, it is received by mx2 but bounces due to a 550 relay error.

    I have not configured any exim configuration to ensure that I use the correct and approved cpanel way to accomplish the above. I would like to ensure that mx2 only accepts and delivers mail back to the cpanel server for the domains hosted with us. We're using dovecot as our incoming mail server on the cpanel server for reference.

    Could someone (with patience) please provide me some guidance as to what I need to do to accomplish the above? I do not want to fiddle with the exim/dovecot configuration on cPanel and risk having client email problems.

    I have followed a guide which was created over a decade ago on the cpanel forums:

    https://forums.cpanel.net/threads/help-exim-as-backup-mx-server.19981/

    I don't know if it is entirely still relevant and if there is anything else I am missing.

    Thank you!
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    This is not a sufficient way of setting up email redundancy because you have not created any email accounts on the additional server. As mentioned in your other thread, you can set up a remote mail server, update the MX records for your domain names, and email is then handled on that remote mail server. However, note that customers will need to manage/create their email accounts on the remote mail server, and there's no integration with the existing cPanel server.

    Thank you.
     
  3. Mauritz

    Mauritz Active Member

    Hi Michael,

    Always on the money! Just want to make sure I understand you correctly:

    I get confused with the secondary/backup/relay/smarthost jibber jabber. What I want to do is set up a 2nd exim server which should handle incoming mail in the event that our primary exim (cpanel) server is down. So I don't want to move the mail services away from our cpanel server, but just set up a wingman to handle those hangover days. I want the 2nd server to then receive an email for say name@example.com, which is set up on our cpanel server, and then deliver it to the cpanel server. If cpanel is off, I want it to hold on to it and try again later. Wingman will be set to a lower mx (say 10 where cpanel would be 0) so it would in actual fact only receive mail when our main server is down.

    If I understand you correctly this will not be able to work as the accounts themselves would not be set up on the 2nd server, which is kind of a must have to understand where you're trying to deliver it.

    What do you recommend?
     
  4. mtindor

    mtindor Well-Known Member

    Here is my take.

    In /etc/exim.conf (on a cPanel box) you will find:

    domainlist relay_domains = lsearch;/etc/localdomains : \
    lsearch;/etc/secondarymx

    That says that the server will accept mail for any domains listed in /etc/localdomains (which is where locally hosted email domains are listed on your primary cPanel server) as well as any domains listed in /etc/secondarymx

    I don't know if your secondary (backup) exim server is a cPanel server or not. But it must be made aware of all of the domains for which it will act as a secondary backup by having a similarly crafted line in its exim.conf and then those domains added to the appropriate file in /etc/secondarymx.

    It's been a while since I have configured a standalone exim box, so I'm not sure if /etc/secondarymx is a typical file on a standard exim install that is checked / used on a default exim installation. But I think you get the picture. In exim.conf on the backup server, relay_domains needs to be set to look for a list of domains that you want to do backup mail duty for.

    One caveat [for any backup mail server] -- and that is that it will accept mail for ALL email addresses at all domains, even nonexistent email addresses. So, if your primary server is down and your backup is set to accept mail for domain1.com and then deliver it to the primary MX when it is back online, then spam can come in for 1000 nonexistent users in the @domain1.com domain and the backup server will accept/store those emails. Then when the primary mailserver is back online, the backup MX will forward those emails to the primary mailserver. The primary mailserver will reject mail to the nonexistent users @domain1.com, which will then force your backup MX server to bounce spam. That isn't a good thing.

    You never want to bounce spam / email originally destined for nonexistent users. You always want to reject that during SMTP time. But you can't do that unless the backup MX knows of ALL of the valid email addresses (email accounts, mailing list addresses, forwarders) that are configured on the primary server.

    With all of that said, a quick and dirty plain old exim backup MX can be made by making sure relay_domains includes the list of domains from your primary server, using the method above. Just be aware that the backup MX by default is going to accept ALL mail for further delivery and then will end up being forced to bounce spam / messages to nonexistent recipients back to the sending mailservers -- which can cause backscatter.

    Mike
     
  5. mtindor

    mtindor Well-Known Member

    Also, for a pretty fair price, you can obtain a secondary MX plugin from NDCHost ( https://www.ndchost.com/cpanel-whm/addons/pluginsmx/ -- unless this gets removed for advertising ). They charge $5/mo for the secondary MX plugin if you run it on your own cPanel DNSonly server. Or they can provide you with a cPanel DNSonly VPS with the secondary MX plugin for $10/mo.

    I have never used it. I don't know if their secondary MX plugin is such that it makes the secondary MX "aware" of all of the email accounts / forwarders / mailing list addresses on the main server or not. So, before you buy, be sure to ask them if it does. If the secondary MX plugin just syncs the relay domains from the primary to the backup and doesn't somehow provide the backup with a list of valid email addresses from the primary, then I don't think it would be worth it since you can easily make your own exim backup server behave like that already.

    What you are looking for is a backup server that "knows" all of the email addresses (accounts / forwarders / mailing lists) on the primary server and thus only accepts mail for those, thus eliminating the unnecessary backscatter.

    Mike
     
  6. Mauritz

    Mauritz Active Member

    Mike, thank you very much for your clear explanation.

    I have placed an order with them a while ago but did not get any feedback until days later; at this stage I was already having a go at figuring it out myself. I am able to get a list of all of the users on my cpanel server (user == email accounts) and then sync them to the secondary server. I am just not sure how this will then be implemented at exim level.

    Further than that, thank you both for helping.
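
One way the synced address list discussed in this thread could be applied at the Exim level on the backup MX, as an added example (not code from any poster, cPanel or NDCHost). It is a fragment to merge into the matching sections of a stand-alone Exim configuration; /etc/secondarymx is the domain file mentioned above, and /etc/backupmx_valid_recipients is a hypothetical file name.

```exim
# ---- main section of the backup MX's Exim configuration ----

# Domains this host queues mail for, one per line, synced from the primary.
domainlist relay_to_domains = lsearch;/etc/secondarymx

acl_smtp_rcpt = acl_check_rcpt

# ---- ACL section ----
begin acl

acl_check_rcpt:

  # Weak form: a bare relay-domain check accepts every local part, so mail
  # for nonexistent users is queued and has to be bounced later (backscatter).
  #
  #   accept  domains = +relay_to_domains

  # Corrected form: refuse unknown recipients during the SMTP dialogue.
  # ASSUMPTION: /etc/backupmx_valid_recipients is a hypothetical file with
  # one full address per line (accounts, forwarders, mailing list addresses),
  # generated on the primary and synced here. Constructed sample contents:
  #   name@example.com
  #   sales@example.com
  # A listed address takes the first branch ("no", rule does not fire); an
  # unlisted address takes the second ("yes") and is rejected at RCPT time.
  deny    domains   = +relay_to_domains
          condition = ${lookup{$local_part@$domain}lsearch{/etc/backupmx_valid_recipients}{no}{yes}}
          message   = Unknown user

  # Listed recipient in a relayed domain: accept and queue for the primary.
  accept  domains   = +relay_to_domains

  # Everything else is refused, so the host does not relay for other domains.
  deny    message   = relay not permitted

# Delivery to the primary and retries while it is down are left to the
# existing routers and retry rules; they are outside this fragment.
```

The deny has to stay above the accept, because the first statement whose conditions match decides the outcome. A stale recipient file turns away mail for addresses created since the last sync, so sync it on the same schedule as /etc/secondarymx.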
     
  7. mstorman

    mstorman Member

    Here's my recommendation. Head over to NDCHost.com and purchase their DNS Server only, with the sMx plugin. This will do two things. First, it will give you a secondary name server on a different class c network, per RFC requirements. Secondly, you'll get the solution that you request. I've been using this solution for about 5 years now and it's treated me very well. If you need someone to set this up for you I can do it for a small fee.
     
  8. François Marchildon

    About NDCHost.com's secondary MX plugin. Here is a little chat I had with them. It seems it only does a pretty basic configuration as described above by mtindor. 5 $ per month down the drain for a few rsync commands and a few lines of exim configuration.

    Me: How does it handle spam filtering, recipient email address validation, SPF and DKIM verification?

    Does it sync spamassassins, whitelists, blacklists, and other filtering/limiting rules from the main cPanel?
    Rory Blanchard: Hello, how can I help you?
    Rory Blanchard: Our plugin doesn't help or hurt backscatter
    Rory Blanchard: And it doesn't do any filtering or verification
    Rory Blanchard: It just holds the mail for delivery until the primary server is up again. Once that happens, the primary server would be doing the filtering as normal.
     