Our primary MX record points to an external server which handles spam filtering; thereafter the mail is pushed to our internal mail server. The mail is never stored on the external server for longer than it takes to process it and deliver it to our internal server.

The current setup requires that we connect to our internal server to retrieve mail. The problem with this setup is that roaming users are unable to access their email if our internet connectivity at the office goes down. An alternative is to host all our mail externally, but this means that users in the office must be connected to the internet for the duration it takes to download and send all their mail, which will be significantly slower than if we had a mail server on the LAN handling the mail. Additionally, this setup would mean that even internal mail has to leave the network, which is terribly inefficient.

Are there any methods whereby we can have both our internal server and our external server hosting the mail, and, depending on the DNS record (from within the office the DNS record will resolve to our internal server, and externally the record will resolve to our offsite mail server), our users will always be able to send and retrieve their mail? I.e. users should be able to use either of the two mail servers to retrieve their mail. I've given some thought to using IMAP in this situation, but would this not cause mail duplication when switching between servers?

The architecture is irrelevant. I'm looking for any solution, regardless of whether it's based on Exim, Exchange, or anything else that we can setup ourselves.

Richard Keller
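The split-horizon DNS the question describes (one name, two answers depending on where the client asks from) is the part that can be set up directly. The following BIND `views` configuration is an added example, not something from the question or any of the answers; the zone name `example.com`, the office subnet `10.0.0.0/24`, the host names `mail`, `mx1` and `ns1`, the file paths and all addresses are assumptions chosen for illustration.

```bind
// named.conf (assumed path /etc/bind/named.conf): one zone name served from two
// views, so "mail.example.com" resolves to the LAN server for office clients and
// to the hosted server for everyone else.
acl "office-lan" { 10.0.0.0/24; 127.0.0.1; };   // assumed office subnet

view "internal" {
    match-clients { "office-lan"; };
    recursion yes;                                // office resolver for LAN clients
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.internal";
    };
};

view "external" {
    match-clients { any; };                       // everything not matched above
    recursion no;                                 // authoritative only towards the Internet
    zone "example.com" {
        type master;
        file "/etc/bind/zones/example.com.external";
    };
};

// ---- /etc/bind/zones/example.com.internal (zone-file syntax, ';' comments) ----
// $TTL 300                                 ; short TTL so laptops that leave the
// @     IN SOA ns1.example.com. hostmaster.example.com. (
//            2011080301 3600 900 604800 300 )   ; office re-resolve quickly
//       IN NS  ns1.example.com.
//       IN MX  10 mx1.example.com.         ; inbound mail still goes via the external filter
// ns1   IN A   10.0.0.53
// mx1   IN A   192.0.2.25                  ; external filtering server (public address)
// mail  IN A   10.0.0.25                   ; LAN mail server: only visible to office clients

// ---- /etc/bind/zones/example.com.external ----
// $TTL 300
// @     IN SOA ns1.example.com. hostmaster.example.com. (
//            2011080301 3600 900 604800 300 )
//       IN NS  ns1.example.com.
//       IN MX  10 mx1.example.com.         ; identical MX in both views
// ns1   IN A   192.0.2.53
// mx1   IN A   192.0.2.25
// mail  IN A   192.0.2.25                  ; roaming clients get the hosted server
```

Two things worth checking after `named-checkconf` and `rndc reload`: query `mail.example.com` from a LAN address and from outside and confirm the two different answers, and confirm that the external view never leaks the 10.0.0.x records (the reason for using two zone files rather than one). Note that this only decides which server a client connects to; it does nothing to keep the two mailbox stores in step, which is the synchronization problem the answers below discuss.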

3 Answers

There is no solution to your problem, as you have already refused every option. Only three options are available:

  1. Server is internal. Cons: you can't access it from outside when your Internet connection is down.
  2. Server is external. Cons: as above, plus all mail has to be transferred from internal to external and, for reading, back again.
  3. Server is internal and external. Cons: all of 1) AND 2), plus synchronizing is not easy.

So why not go with the option with the least impact? I would choose 1), because how big is the risk of an Internet connection failure?

mailq
  • Sorry, I don't follow - why does your option 3 include the cons from both option 1 and 2? The idea is that users should be able to access their mail from either of the two servers - whether it's possible to keep the two servers perfectly synchronized (and how) is what I'm trying to find out. To answer your last point, the risk of failure of the internet connection is fairly high - ADSL in South Africa isn't too reliable. Offsite would be more reliable since the server would reside in a hosting centre on the internet backbone. – Richard Keller Aug 03 '11 at 18:31
  • @Richard - Option 3 introduces The Synchronization Problem. The Synchronization Problem is to be avoided - that way lies only pain and madness. If your ADSL is unreliable an external server is the way to go. – voretaq7 Aug 03 '11 at 19:18
  • @Richard how will you synchronize when there is no connection between the two points? You get out of sync and then need to synchronize everything: not only the mails but also the flags on each mail. And while the backlog is being handled there are changes on both systems. – mailq Aug 03 '11 at 19:32

Why not just have your mail servers in your DMZ, or at least the Exchange server with the Client Access role? Then they'll traverse your internal network when they're in the office (assuming your routing and DNS are configured properly) and external clients will have access based on whatever firewall rules you have in place.

AFAIK, Microsoft's recommendation is to put Edge Transport and Client Access on the outside/DMZ, Hub Transport wherever you need it based on your infrastructure, and the Mailboxes on the trusted side of your firewall. This allows you to open whatever services you see fit to the outside while keeping your mail secure on the inside.

MDMarra

I'm not sure I understand. You say that the internal server is a requirement because it is faster (because it's on the LAN), but then you say that you want people to be able to access their email when the internal server is unreachable. You've kind of boxed yourself into a hole. You might want to look into off-site exchange hosting. They might have a solution for the sort of thing you're looking for with some sort of replicating module you can run on an 'internal' server.

Aaron
  • Well the idea is that people should be able to retrieve their mail from either one of the two servers, depending on their current location. Whether or not this is actually possible is what I'm trying to find out. If there was some way of synchronizing the two servers... – Richard Keller Aug 03 '11 at 18:27