How to setup exim as a backup MX server

[mmgenius]

Hello,

Sorry to get up this old thread again. But I'm doing tests with this 'backup mx' solution.
I use: SpamBlockerTechnology* powered exim.conf, Version 4.1
I have changed: domainlist relay_domains = lsearch;/etc/virtual/domains : lsearch;/etc/virtual/mx_backup_domains : localhost
I have added the domain(s) I like to use backup MX for in 'mx_backup_domains'.

But I was wondering now: I have a list with all the aliases/accounts, what do I need to change/add to exim.conf or in which file should I add al these aliases/accounts so the backup mx server doesn't accept mail for email addresses that doesn't exist?

Kind regards,
Maarten

 

[nobaloney]

The SpamBlocker exim.conf files (even the ones supplied with DirectAdmin) all have code in place to verify the existence of users in various lists. I don't know the details of what changes made to be done...

but...

because I'd like the solution...

If you'd develop the code for gathering all the email addresses, forwarders, autoresponders, etc., that need to be sonsulted, and for aggregating them from multiple sources and sevices, and creating one list, and for securely transferring that list to the backup MX machine every time such a change exists (don't forget to handle deltions as well as additions) I'd be happy to research and create a working SpamBlocker 4 to make it happen on the backup MX server.

Hints:

Rather than handle the deletions separately from the additions, just recreate the entire list everytime a change is made to any email recipient address on the server. (Don't forget when restoring a backup, and don't forget when deleting domains).

Then pass it over to the backup mx securely. And whenever the list for any of the main mx servers changes, completely rewrite the combined list used by the backup mx machine's exim.conf file.

Anyone interested in this project?

If interested let me know; we can create an area to discuss various exim projects for DiretAdmin, either in these forums or on one of my servers.

Jeff

 

[jkirker]

Did anything ever come of this?

 

[nobaloney]

No. The problem is that the 'backup' server would need a list of all domains currently on the server, and to eliminate the possibility of it ending up with emails it couldn't deliver, even at the proper domain (no such address) it would need an up-to-date list of all autoresponders, mailing-lists, mailboxes, forwarders and linux-users.

You can't throw away emails for which there are no recipients (against RFCs), and you can't send them back without risking sending them back to spoofed addresses, which will get you on spam blockliss. So no real option except, in a shared environment, real-time list updating.

The domains list is relatively easy; you can get it from /etc/virtual/domains.

But the list of virtual users, forwarders, mailboxes, autoresponders? Because these are in many disparate files, that would be a lot harder.

A pain when you think about implementing it for multiple servers. I'll do it only if I end up building my own Enterprise Email service, but otherwise likely not.

Jeff

 

[Petertjuh360]

I have a big interest for this.
I want to create a backup MX server for a long time already, but I don't know how to transfer and sync the list to the remote MX server.

 

[jkirker]

On 07-05-2007 nobaloney & floyd gave us this to generate a list of all aliases, catch-alls and forwards: (http://forum.directadmin.com/showthread.php?t=19745)
find /etc/virtual/ -name aliases -exec cat {} \; -print > filename

Then on 03-12-2008 Netbit gave us this to generate a list of all active email addresses: (http://forum.directadmin.com/showthread.php?t=1635)
for DOMAIN in $(find /etc/virtual/* -maxdepth 0 -type d ! -type l ! -name '*_off' ! -name 'usage' ! -name 'majordomo' -printf '%f \n'); do { for USER in $(cut -d: -f1 /etc/virtual/${DOMAIN}/quota); do { echo ${USER}@${DOMAIN} >> /root/activePopAccounts.txt; }; done; }; done;
It will generate a list in /root/activePopAccounts.txt with all e-mails.

So we have the information we need to start no?

What would it take to make DA and clustered servers work with mail like they do DNS? So if one server in the group dropped, the others would be available to do some of the lifting until it was resurrected? It's one more piece to the puzzle that is keeping DA from being more "enterprise-ish"...

Thoughts from the community? Ironically having a machine go down this week and mail bouncing all over the place, this again turned up on my list of important things.

 

[nobaloney]

Far be it for me to rain on anyone's parade... but...

What you had was undeliverable email being bounced, and interim messages going out that email wasn't being delivered.

If you use backup MX then senders don't get 'undeliverable after four hours' messages, and their email may or may not get bounced, depending on the settings on the backup mx server.

But the mail is simply waiting on a (growing) queue on the backup server; it can't be read there.

I suppose you could, if your users were using POP3, set up a complete mail system on the backup server (not easy at all; setting up a copy reqires a complete duplicate /home/USERNAME/imap and a complete dulicate /home/USERNAME/Maildir section (since the name imap is misused in this case, it wold be reqired for POP3 accounts as well). And then a system to tell DirectAdmin which of these are real users and which aren't, and lots of other stuff I haven't even thought of yet.

And to make it work with IMAP you'd additionally need a way to to rsync email to the backup server, and then later after the main server was restored, to rsync (one-time) back to the main server. And manage which IP# was being preented (could perhaps use multicast [look it up]). Or for true redundancy figure out how to rsync in both directions at the same time.

Now see why I'd only do all of this if I were to be building my own Enterprise email solution? Yeah, I'm taking the easy weay out.

Important email clients? Why not resell someone's Enterprise Email solution. But be careful which you choose; I've looked at a bunch and so far only Rackspace offers the same thing we do: an opportunity to whitelist anyone who is somehow on a blocklist, but from whom you really need email. Email me (do NOT post here or PM me) for a list of the ones I've found that block before whitelists are check.

Jeff