10

I'm wanting to set up a secondary MX server using Postfix but I am wondering what is the best way to test this prior to putting into production (by adding its MX entry)?

One possible way is to test it with an entirely different domain name, ie buy a domain like "fake-test-domain.com" and set it up its DNS zone with ONLY this backup MX server.

Any easier way I can just force a mail server to send a message to this server before it's listed in DNS?

I don't think I can use the hosts file on the sending system because that wouldn't emulate an MX record, right?

pete
  • 693
  • 1
  • 7
  • 15
thomasrutter
  • 2,437
  • 1
  • 25
  • 34
  • 2
    You can just enable the secondary MX. As long as it has a lower prio in the MX records, no delivery will be done to it, and you can test as @EEAA mentioned. BTW: beware that fallback mailservers are spam traps. And if you don't set up recipient verification, you get a lot of bounce messages to whatever from-address spammers use. You may want to set up a manual or automatic system that control iptables rules for access to port 25. Most sending servers have three days deferral time, so it's easy to manually open the fallback MX port 25 only when it is necessary. – Halfgaar Jun 23 '14 at 09:49
  • I would question why you think you need a secondary MX? – joeqwerty Jun 23 '14 at 12:05
  • @Halfgaar if the secondary MX server is misconfigured it could lead to loss of mail in the unlikely event that a sender is unable to connect to the primary MX server for any reason (including a connectivity problem at their end). At least if it hasn't been added to the DNS yet then a transient issue with the primary won't cause loss of mail - a sender will just queue the mail and try again later. – thomasrutter Jun 24 '14 at 00:03
  • @joeqwerty I'm actually thinking of migrating a mail server to another machine which will involve setting up the *old* server to relay to the new server during the DNS propagation (even with low TTL values, some resolvers will cache for 30 minutes or more). Since I'll need to put in the effort to get this relaying working correctly anyway, I thought I may as well create a backup MX server configuration. And it'll be a learning experience. This was just to give a bit of background about why. – thomasrutter Jun 24 '14 at 00:06

2 Answers2

20

Just use a telnet session to test email delivery. As an example,

# telnet host.domain 25
Trying host.domain...
Connected to host.domain.
Escape character is '^]'.
220  ESMTP
HELO example.com
250
MAIL FROM:<user@example.com>
250 ok
RCPT TO:<user2@example.com>
250 ok
DATA

To: user2@example.com
From: user@example.com
Subject: a test message

Test message body.
.
250 ok
pete
  • 693
  • 1
  • 7
  • 15
EEAA
  • 108,414
  • 18
  • 172
  • 242
  • 13
    +1 - Anybody who administers an SMTP server but can't run the protocol "by hand" in TELNET has no business administering an SMTP server. – Evan Anderson Jun 23 '14 at 07:14
  • 1
    @EvanAnderson This is a good general principle until it comes to testing STARTTLS or any AUTH other than PLAIN. But yes in this case you're absolutely right. – thomasrutter Jun 24 '14 at 00:14
  • 2
    @thomasrutter I routinely test `STARTTLS` by hand, using `openssl s_client -starttls smtp -connect ...`. But I agree about non-PLAIN authentication methods being problematic. – MadHatter Jan 20 '16 at 11:56
3

When telnet is not enough, or too tedious, I use SWAKS

eg:

 cat email-content.txt | 
 swaks --body - --helo localhost.localhomain --server mail.example.com:25 \
  --auth-user fred --auth-password flintst1 -tls \
  --h-Subject Pebbles  --to wilma@example.org
  --from 'fred@example.biz'
user313114
  • 578
  • 3
  • 7