6

I currently have a server running Debian 6, with postfix and dovecot handling email. This server hosts email for a number of domains and users, so I use MySQL as my backing store for users and forwardings and everything related.

Currently, this server is the only server listed in an MX record for all of the domains it serves. I would like to create a secondary server that would be listed in the DNS with a lower priority (e.g. current primary server is priority 5, secondary would be priority 10), so that in the event that I need to reboot the primary server, or otherwise make it unavailable, the secondary server would receive email, and hold it until the primary server came back up, at which point it would deliver any held email to the primary server.

I do not need the secondary server to function as a backup sending server. Users would never need to see the secondary server, they would simply not lose incoming emails if the primary server is down, and they would be unable to send or receive until the primary came back up.

How would I go about doing this? I would like to use the same software if they can handle this task, because I’m already familiar with managing them.

Abraham Vegh
  • SMTP is made for being run on unreliable or unstable networks. So there is no need to have a secondary MX. All mails will be resent later. – mailq Nov 29 '11 at 23:06
  • 5
    Oh @mailq, you are so wrong. Having two allows you to (a) test out new configurations, (b) scale out instead of scale up, (c) do scheduled maintenance, (d) guard against hardware/application/etc failure. There's lots of reasons to have a secondary. – MikeyB Nov 29 '11 at 23:13
  • 1
    @MikeyB is correct: Aside from the other reasons, I want the secondary for scheduled maintenance. – Abraham Vegh Nov 29 '11 at 23:19
  • @MikeyB Only if you use the secondary to deliver directly to the database (or mail storage)! If you do it as described in the question (store and forward to the primary), then the secondary is useless. – mailq Nov 29 '11 at 23:26

5 Answers

8

When your primary isn't available, the foreign mailserver queues mails and does a delivery retry up to five days. I haven't set up an additional MX, because most spammers deliver to the secondary first. Often this server isn't maintained as well as the primary.

summa summarum: much work, less benefit. Let the world queue your mails!

ThorstenS
  • Heh. That’s an interesting way to do it. So, assuming the majority of the world follows the standard “queue for 5 days” protocol, it’s safe to take down the server for 20 minutes. But, what happens when I don’t want delivery to fail? I have no problem with spammers delivering to the second server, because it will just deliver immediately to the first. I want no delivery delays. – Abraham Vegh Nov 29 '11 at 22:23
  • @abrahamvegh See my answer for your question. But when you follow Thorsten's advice you don't let delivery fail. The sender gets notified for the failed delivery (after hours or days but this would be the exact same timespan your secondary can not deliver to your primary). So same "non final delivery" or same "delivery delay". – mailq Nov 29 '11 at 23:11
  • @mailq I understand what you are saying, but please see my response above. – Abraham Vegh Nov 29 '11 at 23:21
7

There is complete documentation on how to set up Postfix as primary and secondary MX. Just follow the guide: http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup

mailq
1

You need to use one of the available HA solutions such as keepalived or heartbeat. This package will assign a VIP to one of the servers. The other server will sit idle.

Then, you need to set the virtual IP (VIP) in the DNS MX record.

When the primary server (holding VIP) is down, the other server will get the VIP and be able to send/receive emails. The users should not notice this at all except for the IP transition period between the two nodes (few seconds).

There is one point to consider which is the email directories sync. There should be a mechanism to sync the email dirs between the two servers to make sure you don't lose any email when a switch occurs between the two servers.

Khaled
  • This is a nice-sounding solution, but it’s not the solution I want. I want the onus of finding an available recipient server to be on the sending client, not on my receiving end. I know what I want is possible, because I have seen it work before. I don’t need a complex HA setup to achieve that. But, I appreciate the answer. :) – Abraham Vegh Nov 29 '11 at 20:45
  • I did not get your point! – Khaled Nov 29 '11 at 21:11
  • 2
    The point is that SMTP already has a built-in mechanism for failover (multiple MX records) so the added complication and maintenance of using a single virtual IP is unnecessary and makes the system more fragile. – MikeyB Nov 30 '11 at 01:15
0

Generally in that sort of scenario you put a spam filter box out in front of the actual mailserver, and let it queue mail for when the actual server is down. It also gives you the additional benefit of offloading your spam filtering from your mailserver.

Driftpeasant
  • Any specific input on how to actually implement that? I’m basically looking for information on how to best configure Postfix. – Abraham Vegh Nov 29 '11 at 22:23
  • If you want to get information about "best" Postfix, this site is **not** good, as these questions are off-topic as defined in the [FAQ]. But on the other hand you _must_ read [The Book of Postfix](http://www.postfix-book.com/) and should read the Postfix documentation about that: http://www.postfix.org/POSTSCREEN_README.html – mailq Nov 29 '11 at 23:19
  • Thanks for those links. Allow me to reword: s/best/proper -- I am looking for answers from those who have more experience than I, and I seem to have found it. I don’t think this is off-topic. :) – Abraham Vegh Nov 29 '11 at 23:24
  • @abrahamvegh Don't get me wrong. The original question above is a (very) good question! But a question "How to proper setup Postfix?" is a very bad question. Because your "proper" is not my "proper". – mailq Nov 29 '11 at 23:33
0

The backup MX is almost useless, but I still use it, because I don't want to rely on other servers' queuing policies, but take control of all the email transport for my clients. BUT - the most important thing is to have a backup DNS server, because mail will bounce as undeliverable if no MX host is found. It is very simple to set up a secondary MX server. Just use postfix and transport maps (routes).

Arty
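A store-and-forward backup MX of the kind the answers above point to (relay domains plus transport maps), written out as an added example that is not part of the original posts. `example.com`, `mail.example.com`, the sample addresses and the file paths are placeholders; it contrasts the default, which accepts any recipient in the relayed domains, with recipient validation on the secondary.

```ini
# ---- /etc/postfix/main.cf on the secondary (backup MX) host ----

# Domains this host only relays. Do not also list them in mydestination,
# virtual_mailbox_domains or virtual_alias_domains on the secondary.
relay_domains = example.com

# Weak (the Postfix default): with an empty relay_recipient_maps the
# secondary accepts mail for ANY address in relay_domains. Unknown users
# are only rejected later by the primary, so the secondary ends up
# sending bounces to forged senders (backscatter).
#relay_recipient_maps =

# Corrected: reject unknown recipients during the SMTP session. Use a
# table that is readable while the primary is down (a local file or a
# local database replica); a lookup against the primary's MySQL would
# fail exactly when the backup MX is needed.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Never relay for anything outside mynetworks and relay_domains.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination

# Route the relayed domains explicitly to the primary.
transport_maps = hash:/etc/postfix/transport

# How long held mail stays queued before it is bounced (5d is the default).
maximal_queue_lifetime = 5d

# ---- /etc/postfix/transport ----
# Square brackets suppress the MX lookup, so mail goes straight to the
# primary host and cannot loop back to the secondary.
example.com    smtp:[mail.example.com]

# ---- /etc/postfix/relay_recipients ----
# One line per valid address; the right-hand value is ignored.
alice@example.com    OK
bob@example.com      OK

# After editing the two map files, rebuild them and reload Postfix:
#   postmap /etc/postfix/transport /etc/postfix/relay_recipients
#   postfix reload
```

The secondary should carry the same anti-spam restrictions as the primary, since, as noted in the first answer, a lower-priority MX is often the first host spammers try.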