Looking for a redundant Mail solution

[hostpc.com]

As some of you may be aware, HostPC was out of commission for roughly 36 hours this past week due to Hurricane Wilma slashing our datacenter and a single faulty part (and subsequently bad backup part that was onsite) for the generators which failed. (Verio was also impacted, severely).

We're making a LOT of changes to our network, including backup services in 2 alternate datacenters (which means 2x the servers, 2x the DA licenses) - a cost I'm willing to assume - but I've got a couple of issues.

One issue is providing redundant MX records for our customers - one in each datacenter.

Can anyone explain how, or if that could be accomplished within DA? I'm sure it's necessary to have the user accounts (domain/username) exist on both servers - correct?

If anyone has thoughts on how this could be accomplished, please let me know.

Thanks

 

[Bloory]

I'll begin by saying I'm no expert.

I am sure Jeff or one of the others can correct me;

you need to modify the dns template so that the additional mx record is served and then just add the domain to a file such as /etc/remotedomains.

 

[ju5t]

This really is the first feature I would like to see in DirectAdmin. Basically like the DNS MultiServer setup. Instead of fallback mx a real secondary mail server would be ideal. So customers can always check their e-mail.

At the moment we run fallback mx. Renting this service from a third party. So I honestly don't know how they have done it, but it's not DA dependant.
There is a 5 minute cron on our servers which creates a list of domains. What goes on after that on the secondary servers is beyond our knowledge.

We have dns_a.conf and dns_mx.conf in our /usr/local/directadmin/data/templates/custom directory.

dns_a.conf:
mx1=|IP|
mx2=192.168.0.1

dns_mx.conf:
mx1=10
mx2=20

This is all, working like a charm.

 

[hostpc.com]

Could you tell us where you're getting this third party service? it souonds like an ideal situation.

Thanks

 

[nobaloney]

Joe,

I'm sorry to hear of your problems. My brothers are in Boca and in Davie, both hard-hit by Wilma.

A list of domains isn't enough; without a list of users you run into the problem I've mentioned previously where you end up with emails you don't know what to do with.

Using DA may or may not be the right way to go on the failover server. Previous studies have shown us that vexim may be a better solution but we're going to study it again beginning today.

We can offer this as a service if there's any interest but we're not sure how to price it and get any business.

Details:

1. Centrally located server hosting failover MX. (Note that this server will get some email even when your server is up, because that's how MX works.)

2. We're considering per domain per month pricing (to make it fair to us and to our clients who might want to sell it as an option).

3. A plugin for the DA server would automatically upload to us a list of domains and usernames on a regular basis (hourly?).

4. We'll start first with a U.S. based server, and add a European presence if/as European business warrants.

Of course once we start the service we're committed to running it forever, even if we only get a few clients...

So we're interested in knowing if anyone is interested in it, and if so, what would be a fair price.

Let's leave the thread here for now and perhaps move it to third-party software (where it may soon rightfully belong depending on where the thread takes us.

The best way to price it apears to be to get the number of domains we're hosting failover MX for on any given day and average for the month. But we're open to suggestions both for the pricing model, and any other issue that may come up.

Anyone?

Jeff

 

[ju5t]

Yea, sure. Check http://www.mijn-sleutel.net/?pagina=contact

I don't think they have a website available in english. But you can just send them an e-mail explaining your situation. They have both secondary servers available in the US as in Germany.

You will have to convert all your current zones though. We did have a script for that but it got lost

Edit:
Just read your reply Jeff, we would be interested if there could be a service allowing our clients to receive their e-mail from the secondary server as that is not possible for us at the moment.

 

[resolveit]

Hi getUP,

Slave MX or what the site calls Fallback-MX will cache the mail waiting for yourprimary server to become available again. The users will not be able to collect thier mail from this server directly. What you're looking for is possible, setting up complete mail facilities on a second site and modifying DNS to find the available server BUT this is not reliable as your customer could miss mail because the second server answered before the first while the mail is on the first , etc.... Also when your primary goes down your customers who have cached the DNS info will get a failure in their mail client untill their DNS client requests new information from your DNS server.

I'll see if Jeff and I can figure out a way to make it work... I don't have high hopes though.

Regards,

 

[nobaloney]

The problem is simple: you can't guarantee with DNS alone that all users will see the fallback server while it has email.

So we'd have to develop a system that would keep track of when the main server is back up, and move to it any email still in the mailboxes on the failover server.

Which is possible. But a lot harder than the standard fallback system.

I don't think I'd want to try to attack it until I had a lot of advance subscriptions for it, as it's going to make the solution much more expensive (much more needed on the fallback server in the way of resources).

Jeff

 

[ju5t]

I know the way basic fallback mx works, that is, the caching part. Things we don't know is as in how they handle things on their server. But this is not my concern really.

This seemed to be the ideal solution to set things up quickly and without much hassle. If another solution will be too costly than it's not interesting. If our customers demand high end solutions regarding e-mail they should not be on a shared hosting account after all.

 

[nobaloney]

Well, a few hours later I can tell you two things:

1) Here's how we do it when required...

We have multiple MX servers all set up for the same users and the same passwords.

And we have each user set up two accounts on his/her desktop machine; one for each server. So email will be seen by the user no matter which system it comes in for.

Note that this doesn't work if the desktop client errors out when a system can't be reached. We use KMail desktops, which just skip over non-responding mail servers.

2) We're not going to get into failover mailboxes for a shared hosting solution; we may or may not get into it for our specialty mailbox hosting solution.

Jeff

 

[icepick]

backup mx

Hey guys,

I'm interested in a simple backup mx, simular to the way multi server works, just store the mail till the primary mailserver comes back online.

 

[roelp]

a very easy solution would be to just add another MX record with a lower priority

and just create a simple catchall pop3 on the backup server

 

[roelp]

you could also use something like finger or etrn

 

[MartijnHOS]

Hello,

I have also thought a lot about setting up a secundary mailserver (not a fallback). The easiest way is as Jeff describes in point 1).

If you set it up for all your customers the must set up two account in their mailprogram. I know for sure that not all customers will do and will loose email.

If you choose to set it up for just the clients who need it, you need to filter out the users who not need it.

Jeff if you are planning to work an this, i am willing to pay for the solution.

Kind regards,

Martijn

 

[nobaloney]

a very easy solution would be to just add another MX record with a lower priority

and just create a simple catchall pop3 on the backup server

This solution will cause you a lot of problems even if you figure out how to send email back to the main server.

Many spammers send email to all MX records (and even all A records) for a domain. So their dictionary attacks will fill your secondary MX system's space quickly, and when the system tries to forward the email to the main MX system it'll have tons of email it can neither deliver nor return.

Jeff

 

[ju5t]

I just did a basic Exim config to allow the relay for specified domains - acting as a fallback mx solution.

My only concern is, if not using the same ACL rules as on a primary server - how will e-mail get bounced - if for instance, an e-mail has a virus in it?

Will it be send back to the fallback server or the original server which sent the e-mail?

 

[TheBear]

Hello,

Here is a suggestion that may for for those if you looking for a simple, off-site backup MX setup.

For most of my domains (which are not on my DA server, and even some on my DA server) I have ouotsourced my DNS to DNSmadeeasy. The cost is reasonable and they also offer backup MX service for $7.50 per domain per year.

Their paid DNS services also offer a hot failover in case you want to mirror any of the IPs setup in zone files on their service.

Dale

 

[nobaloney]

Sure but how do they handle any of the issues I mentioned?

Jeff

 

[streamservice]

Is it possible to have this like the multi server option for DNS?

It should be possible to just relay all e-mail on a domain I guess. A domain could be added to the second server when it is added on DirectAdmin (like the multi server option currently provided).

Only when the account doesn't excist how it works whit sending the message back (or because any other reason the server sents the email back). Could it be possible to sent the mail at that moment to the original sender? If so this could be the solution I am looking for. If this is not possible I will have to make an own application and to buy an extra server and use that application.

I don't want to outsource this at the moment. When you don't think this willcome just say it, because than I know I have to make an own application.

 

[weng]

This solution will cause you a lot of problems even if you figure out how to send email back to the main server.

Many spammers send email to all MX records (and even all A records) for a domain. So their dictionary attacks will fill your secondary MX system's space quickly, and when the system tries to forward the email to the main MX system it'll have tons of email it can neither deliver nor return.

Jeff

Hi Jeff,
Can't we set the primary mail server to drop all mails except for those with valid addresses? That way, there's no need to return those invalid addresses emails.