failover mail server

[Lem0nHead]

hello

I want to make a simple failover mail server
could you please check if my idea is correct?

server 01) main server with DirectAdmin and MX 10
server 02) backup server (also with DNS in case server 01 fails) with Exim (doesn't have DirectAdmin installed)

all I need to know is to configure the same relay_domains as server 01 on server 02 and set an MX 20 for it, for example?

then if server 01 fails, messages will be send to server 02... and server 01 will try to delivery it from time to time... sometime server 01 will get back and server 02 will get to delivery it

is this correct?

thanks

 

[nobaloney]

Much more configuration is necessary.

Search these forums.

Have fun.

Good luck.

Jeff

 

[Lem0nHead]

hm
aside spammers targeting my secondary MX, which other problem would have?
because I think that, ie, using exim, you can just add the domains you want to rely on remote_domains and/or relay_hosts
and it will keep trying (from time to time) to delivery the messages... then it will get when the server comes back

 

[nobaloney]

Your secondary server won't know which users to accept mail for so it'll accept mail for nondeliverable users, and then when it forwards those on to the primary server the primary server won't accept them.

So you've got lots of frozen messages, and you're not in compliance with RFCs.

Jeff

 

[nobaloney]

I just did a bit more research:

relay_hosts won't help; it's simply a list of servers you will accept email from for unlimited relay.

remote_domains is a bit more complex, because it doesn't define anything. You do the defining.

Having done some Googling, I'm seeing what I think you mean, the domainlist router.

However it doesn't affect relaying at all; you have to accept the email for relaying before you can use the domainlist router.

Yes, you can use the same list for both, but you're still stuck with figuring out which addresses are acceptable.

Jeff

 

[Lem0nHead]

hm
I was thinking something like that (I don't know the technical part):
1) accept E-Mails "from" the domains hosted my main mail server
2) accept E-Mails "to" the domains hosted on my main server
3) deny anything else

after accepting domains "to" the domains hosted on my main server, I belive exim will automatically try to deliver it from time to time

again, I don't know if this implementation is possible, but I think secondary MX shouldn't be difficult... at least not a simple implementation... I know it was used many many years ago...

 

[Lem0nHead]

hmm
maybe I got the point
another interesting thing would be to set authentication on the SMTP... so just authenticated users could send mail... in this case it would be needed to send the users login info to this server too...

 

[Lem0nHead]

here's an interesting discussion: http://forum.ev1servers.net/showthread.php?threadid=37177

maybe it's not a good idea to set the mail failover if you have redundant DNS

i'll keep researching

 

[nobaloney]

I was thinking something like that (I don't know the technical part):
1) accept E-Mails "from" the domains hosted my main mail server

If you're willing to accept emails from the domains hosted on your main mailserver than anyone will be able to spoof those domains and spam from your server.

It happens all the time, so you should probably not just hope it won't.

2) accept E-Mails "to" the domains hosted on my main server
3) deny anything else

after accepting domains "to" the domains hosted on my main server, I belive exim will automatically try to deliver it from time to time[/quote]
You believe wrong. Exim will accept all domains which are listed in it's list of local domains. When it doesn't find mailboxes for them it will return them.

Unless you've written a custom exim.conf file.

again, I don't know if this implementation is possible, but I think secondary MX shouldn't be difficult... at least not a simple implementation... I know it was used many many years ago...

Many years ago you didn't have to worry about thousands to millions of emails daily coming in via dictionary attacks.

You can set up backup MX; it's just not as trivial as it once was.

Hint: You have to figure out a way to tell your backup server who in each domain is entitled to receive email.

Jeff