Redundant mail servers

You might be interested in this link as it gives some perspective/opinion about using multiple mx records. Personally we have opted for secondary dns with Zone Edit as a way to have dns redundancy.
http://forum.ev1servers.net/showthread.php?threadid=37177

 

It's extremely easy to do with Exim on cPanel servers:

1. In DNS create 2 MX records for the domains that you want a backup for:

One should point to the domain of your primary server (the one where the accounts are) with the lower value (e.g. 5)
The other should point to the secondary server (where you want store then forward) set higher, (e.g. 10)

2. On the secondary server:
edit /etc/secondarymx and add the domain name

That's it. If the SMTP server on your primary server is unavailable email will be stored in the queue on the secondary server until the primary comes back up, when it will forward it on to the primary for delivery.

 

secondary MX store and forward with Exim...

Hi,

I'm new to Exim and MX splitting between remote and local mail servers, so thanks for any help anyone can offer.

I have a scenario where I am hosting a DNS and web site for a client who runs their own mail server using MDaemon at the end of their ADSL with a separate ISP.

I have configured an MX entry value 10 to point to their static IP address and a second MX value 20 to point to their ISP's store and forward MTA facility.

I need to provide another secondary MX value 30 to store and forward in case of their server or the ISP's being unavailable. So I need to know how to configure this using Exim.

>2. On the secondary server:
>edit /etc/secondarymx and add the domain name
>
>That's it. If the SMTP server on your primary server is unavailable email will be stored in
>the queue on the secondary server until the primary comes back up, when it will forward it
>on to the primary for delivery.

Okay, so I've done that., but how do I know if my Exim configuration will handle it if their primary and secondary are unavailable?

Isn't there any specific configuration in /etc/exim.conf required to tell exim what to do for that domain name and to handle retry delays if primary is unavailable?

For instance, in my reading I have found some information and I'm wondering if this next section is also relevant and required?

I found some info. as follows at http://sourcepole.ch/sources/reviews/store-and-forward.xml:

-----quoted section-----
Now you have to adapt exim's configuration file. First exim needs to know that you want to relay all email to myownnet.com. So add somewhere at the beginning of exim's config file (idealy in the first section!!!):

relay_domains = myownnet.com
Next you have to tell exim where to route that email to. So insert at the beginning of exim's routing section (there should be a comment in the config file telling you which the routing section is):

store_and_forward:
driver = domainlist
transport = remote_smtp
route_list = "myownnet.com smtp.myownnet.com"
Be aware that order is important in the routing section, so if you put this entry at the end of the routing section it might as well not work.
-----end quoted section-----


thanks and regards,

Bradley Hughes
Host2Grow.com

 

Hi Bradley,

That is all you need to do. What happens is that exim looks in /etc/secondarymx to see if it should relay email for the domain. Since it is not in /etc/localdomains (i.e. make sure the domain is not) and if you're hosting the domain that it is in /etc/remotedomains (i.e. make sure that it is), then exim will simply put the email into its queue until such time as it can deliver it to a lower scoring MX entry.

 

Anyone come up with a nice way to automate the addition of the domains from the main server into the /etc/secondarymx on the backup MX server? In my case both servers are CPanel and being backup MX for each other.

 

Is there any way to do this serverwide without editing each zone's MX entries? This would entail too much manual labor to complete on full machines.

 

You would have to write, or find (or hire someone to do so), a script to write a script to automate modifying the MX records and increasing the serial numbers. It's quite straightforward a task for someone familiar with text manipulation in a typical scripting language.

 

As I read this, it looks like all the SPAM, and junk mail, etc would go to the second server. Would the verify recipient be nullified because it was a seconday mx (I am guessing becaue it is supposed to relay) and that could have that mail queue fill up with garbage that the primary server would not accept?

 

Yes, that is a major issue with using a backup MX. If you used MailScanner to check your email you can configure that to weed out spam/viruses before it gets in the queue and the sender verification will still work. But as you rightly say, RCPT verification will no longer work as the original SMTP connection is long dead. It will still fail emails, but only back to the backup MX which will just drop them.

 

Chirpy,

I'm currently having that problem. My secondary server is getting backed up with garbage. I have Mailscanner installed (your company actually installed it). But it is not weeding out the garbage. What do I need to change to have it weed it out instead of filling the queue with garbage e-mails rejected by the primary server?

 

That's can be difficult. What exactly is filling the secondary queue or is it email that hasn't been scanned, or is it failed email due to RCPT failures on the primary? If it's the latter I don't think that there's anything you can do about that because of the nature of how backup MX works. There's no way for the secondary MX server to know whether there's going to be a RCPT failure since it cannot do a forward lookup if the primary is unavailable.

 

The messages are spam mostly being blocked by the primary server with sender verify failed messages, which are then being backed up in the secondary queue.

But the strange thing is that mailscanner is letting them through just fine on the secondary service, saying they are clean, and then mailscanner on the primary is marking them as spam and deleting.

Could it be becuase of the secondary mx, the secondary server isn't scanning them?

 

Ah, OK. MailScanner normally won't scan emails to domains not listed in /etc/localdomains. You could remedy that by changing the MailScanner rule defaults to always scan on the secondary server, i.e.:

/usr/mailscanner/etc/rules/spam.scanning.rules:

FromOrTo: default yes

/usr/mailscanner/etc/rules/virus.scanning.rules:

FromOrTo: default yes

and if you want:

/usr/mailscanner/etc/rules/spamhigh.action.rules:

FromOrTo: default delete

Then reload MailScanner:

service MailScanner reload

 

Thanks. That should help a lot!

 

Hi Folks;

I've tried the various solutions listed in these threads, but without luck. I have a client who has their own mailserver, and have entered their remote IP into the DNS under mail.xxx.xxx.xxx. I've added their domain to /etc/remotedomains, and made sure it's not in /etc/localdomains. I've also entered their domain into /etc/secondarymx, but every mail sent to them bounces with unrouteable mail domain "xxx.xxx.xxx"

I tried to create the forward rules suggested by host2grow, but exim gives errors on the forward rule. At this point I just want to get mail sorted and flowing again, can anyone offer any tips or pointers?

steve

 

Use the "edit mx record" utility in either cpanel or WHM to do this.

Otherwise, the software won't "fix" the right files...

 

Thank, but I resolved the problem same day, just wanted to sleep afterwards.

I was using linux itself to modify the files (i'm a CLI guy from way back). The problem wasn't with the Exim files, it was the hostname the client gave me was wrong. They provided elmo, but the server name was Elmer. Hence, it wasn't replying when it got queiried by name.

Problem solved once I actually telnetted to the host and found the hostname.

Thanks for the reply.

 

Thanks Chirpy. You're a legend, (whereever you're from!)

 

Hi,

I have 4 cPanel servers, i have cluster DNS on the 4 servers, so if one goes down the DNS are still available, what is the better way to add the mx records

mx 10 = mail.domain.com
mx 20 = 111.111.111.111 or mail2.domain.com

and add a DNS A entry for mail2.domain.com = 111.111.111.111 ?

Thanks
Ruben