Backup MX server

flamewalker

Hello,

I am attempting to set up a second VPS with DirectAdmin as a backup MX server in case our main server goes down (it's been having a lot of problems lately!).

My thoughts are setting up rsync to synchronize the local domains and users to the backup server, say maybe every hour, or 15 minutes or so. In order to make that work, can I just rsync the entire /etc/virtual directory and restart exim? Or would I need to set up a script to only sync certain files?

I'm not worried about authentication at all as it will not be used for sending email, I just need exim to accept, spam-scan and relay the mail to our main server when it is up, or queue it if the main server is down, and push it once it is back up. No local delivery should happen either.

Also, I could use some pointers for the smarthost director: (this is what I currently have on the backup server)

Code:
 smarthost:
   driver = manualroute
   domains = ! +local_domains
   ignore_target_hosts = 127.0.0.0/8
   condition = "${perl{check_limits}}"
   route_list = !+local_domains 69.73.142.47
   #route_data = "69.73.142.47"
   transport = remote_smtp

I also have on the main mail server:
Code:
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1 : 209.140.19.66

I've been searching for a while and can't find the exact situation I need. Any help/advice is much appreciated.

Thanks,
flamewalker
 
Just realized that the virtual directory doesn't include a list of valid email accounts on the domains... Any ideas on that one, without having to pull in all the /home/user/imap/domain.com/* directories?
 
I believe the valid email accounts on a domain are in /etc/virtual/example.com/passwd along with the password.

Except for the email account created for the username; that's in /etc/passwd and /etc/shadow, as it's controlled by the main username for the domain. You'll need that as well.

I don't know why you'll be using the smarthost director, but I haven't studied exim documentation in a long time. But you shouldn't need it to just send email to your lowest value mx server.

And I don't think you need to have your backup server on the list of relay_hosts; that would simply make it an open relay.

Jeff
 
Hello,

As a single domain solution you might want to use fetchmail (http://fetchmail.berlios.de/). If you want full automation, then you might need to use rsync and rsync the /etc/virtual directory as well as all /home/user/imap/domain.com/* directories. Of course it's better to do that with a script.

I've been searching for a while and can't find the exact situation I need. Any help/advice is much appreciated.
 
The smarthost, for my understanding, should forward all mail for valid domains to the actual pop3 server. The relay hosts directive, afaik, is basically a way to whitelist my backup server so there are no issues delivering mail.

If there is a better way to make sure mail is accepted from my backup server, and a better way to forward email on from my backup server to my main server, I'm open to suggestions.

> as well as of all /home/user/imap/domain.com/* directories. Of course it's better to do that with a script.

Do I need the imap directories? Isn't that where the mail is actually stored? I don't want to transfer the mail itself with rsync, just the settings so my backup server will accept mail for all the domains we host, and if possible, be able to authenticate "local" recipients on the domains (even though the real mailboxes are on the main server) to avoid accepting ALL mail and possible backscatter issues, etc.

The backup server, at this time, will not be used for pop3/imap or smtp, other than as a backup mail relay. I did it some time ago with Sendmail. I had 2 MX servers that processed the email then forwarded it on to the actual pop3 server. In this case, I am trying to essentially do the same thing with 2 servers, with one housing the actual mailboxes and the other being an mx that forwards mail to the main server after scanning.

Thanks again. Hope I'm making sense :p
 
> The smarthost, for my understanding, should forward all mail for valid domains to the actual pop3 server.

In my understanding the purpose of the smarthost is to send all outgoing email through the smarthost server rather than through smtp.

I don't know why you're using the smarthost since you're not sending out email through the backup server. It's been a long time since I studied using exim as a backup MX, but my recollection is similar to what I find here.
> The relay hosts directive, afaik, is basically a way to whitelist my backup server so there are no issues delivering mail.

Yes it whitelists your backup server and allows it to send email to anywhere in the world, not just to the main server. If that's what you want, fine, but anyone who can get an account on the backup server can relay outgoing mail anywhere through your main server. You don't need to be in a list of allowable relays to deliver email locally.

It's been a long time since I built an exim backup MX configuration, and that was with exim 3 (a very long time ago). I do have all the version 4 references available including the book written by Dr. Hazel, and I could write a backup server as a commercial project at a flat fee, but I don't think that's what you're looking for, and I don't have enough current knowledge to simply give you definitive answers. Perhaps someone else will respond.

Jeff
 
> Thanks again. Hope I'm making sense :p

I now see your picture more clearly. And using a smarthost will allow you to send emails from the backup MX directly to the main MX server.

OK, why not use a smarthost? I guess it really does not matter much that you will use a smarthost for sending emails to the smarthost, which is the main MX server at the same time. Did you try the setting?
 
> here.
>
> Yes it whitelists your backup server and allows it to send email to anywhere in the world, not just to the main server. If that's what you want, fine, but anyone who can get an account on the backup server can relay outgoing mail anywhere through your main server. You don't need to be in a list of allowable relays to deliver email locally.
>
> Jeff

I have set up the backup mx search part. I'm mainly at this point trying to find a way to authenticate recipients on the backup mx to help prevent the possible spam backscatter issue that you have discussed in other threads and that is mentioned in that article.

Good to know about the smarthost... I will try to test it without using that, even though it is a small, unlikely scenario, I do want to be as security conscious as possible.

Thanks for the clarification.

I'm in the process of testing things right now. I think I got it to the point that it should scan and relay the messages to the domains in the mx_relay file created via the link Jeff provided.

I will update as I make progress.

Thanks all.
 
I found this article (aptivate.org) and the information is extensive, inclusive, and good.

If you don't set up mailboxes, but allow emails to the domains in question to be relayed through your backup server then exim will simply hold them in the queue until it can send them to your main server, no smarthost necessary.

The problem, to which I don't know the answer, is how to relay not for the entire domain, but only for the actual valid email addresses on those domains.

Maybe the article can help you.

Jeff
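
An added example, not part of the original thread and not DirectAdmin's own code: one way to get the valid-address list the last post asks about is to derive it on the main server from the per-domain passwd files and copy only the addresses to the backup MX, so the password hashes never leave the main server. The `user:hash` line layout, the `owners` map for the account owner's mailbox, and the output file name are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

LOCAL_RE = re.compile(r"^[a-z0-9][a-z0-9._+-]*$")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")

def valid_recipients(virtual_root, owners=None):
    """Collect user@domain from <virtual_root>/<domain>/passwd, dropping the hashes."""
    # owners: hypothetical {domain: system_user} map for the account owner's
    # mailbox, which lives in /etc/passwd rather than the per-domain file.
    found = set()
    for passwd in Path(virtual_root).glob("*/passwd"):
        domain = passwd.parent.name.lower()
        if not DOMAIN_RE.match(domain):
            continue
        for line in passwd.read_text(errors="replace").splitlines():
            local = line.split(":", 1)[0].strip().lower()  # field 1 only, never the hash
            if LOCAL_RE.match(local):  # skips blank and malformed lines
                found.add(f"{local}@{domain}")
    for domain, user in (owners or {}).items():
        if DOMAIN_RE.match(domain.lower()) and LOCAL_RE.match(user.lower()):
            found.add(f"{user.lower()}@{domain.lower()}")
    return sorted(found)

def write_list(addresses, dest):
    """Write one address per line via temp file + rename, so readers never see a partial list."""
    dest = Path(dest)
    fd, tmp = tempfile.mkstemp(dir=dest.parent, prefix=".rcpt-")
    with os.fdopen(fd, "w") as fh:
        fh.write("".join(a + "\n" for a in addresses))
    os.chmod(tmp, 0o644)  # addresses only, so world-readable is acceptable
    os.replace(tmp, dest)

def demo():
    """Run against a constructed tree (sample data, not a real server)."""
    tree = {"example.com": "alice:$1$constructed$A\nbob:$1$constructed$B\n",
            "example.org": "carol:$1$constructed$C\nbad line here:x\n\n"}
    with tempfile.TemporaryDirectory() as root:
        for dom, body in tree.items():
            os.makedirs(os.path.join(root, dom))
            Path(root, dom, "passwd").write_text(body)
        out = Path(root, "valid_recipients")
        write_list(valid_recipients(root, {"example.com": "admin"}), out)
        return out.read_text()

if __name__ == "__main__":
    print(demo(), end="")
```

Syncing only this generated file, rather than the passwd files themselves, gives the backup MX what it needs to reject unknown recipients at SMTP time without holding any credentials.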
 