Results 1 to 5 of 5
Enjoy an ad free experience by logging in. Not a member yet? Register.
- Join Date
- Jan 2010
Postfix MailRelay Setup confusion
I've inhereted a setup for 2 Postfix servers and an Exchange server.
I'll explain the setup first and maybe some of you Postfix Gurus can help me out here.
We have an Exchange server at the moment which is named: email.mydomain.com
It is not externally accessible.
We then have a Postfix relay named: mail1 and mail2 (same server, two different interfaces on two different T1 providers... this is just in case either of those connections goes down).
Currently our MX records are setup to have mail sent to first mail1 and if the fails mail2.
So that catches the event that if one of our internet T1's go down.
We then have a colocation server offsite (which at the moment isn't active), but it's named mail3. This offsite server is setup to connect to our internal network using OpenVPN. So it gets an OpenVPN internal IP.
What we would like to setup for is a failover server so that in the event of a full site outage (power-wise). Meaning mail1, mail2 AND email (exchange server) is down, mail3 will be our catch all relay, and store up the incoming mail until our Exchange server comes back up.
I'm trying to wrap my head around the best possible setup for this, so please let me know any guides or configuration options I should be aware of to make this happen.
- Join Date
- Jan 2010
Oh yeah I should give some specs as to the system versions etc:
email: Server 2003 with Exchange 2007
mail1/2: Ubuntu Server 9.04 with Postfix 2.5.5
mail3: Ubuntu Server 9.04 with Postfix 2.5.5 and OpenVPN 2.1-RC11
If I understand the setup correctly, then the postfix setup of mail3 should be more or less identical to mail1/2.
The difference is, that openvpn provides the internal IP instead of a real interface like it is for mail1/2.
Just one thought outside the technical box:
If a mail cannot be sent to your site, because mail1/2 are down, the sending mailserver will keep it queued.
Afaik, 4 days is the default maximum queuing time, before a error mail goes back to the sender.
That would give you 4 days to get the machines up and running again.
What good is this?
It might be a legal advantage to say: "We never got that mail."
In opposit to the scenario "mail3 running, site FUBAR":
Here, the sending mailserver will log a "250 OK", proving you DID get that mail.
But you are probably busy getting the site back and not caring about particular mails.
What I am trying to say: You may loose reaction time here.
It is hairsplitting, I know. But you seem to be very concerned about mails, so this is my 2 cents about it.
Last edited by Irithori; 01-06-2010 at 10:27 PM.You must always face the curtain with a bow.
this is what we use for our external backup mx
DynDNS.com - Services -- MailHop Backup MX
anyway, I would like to also point out that you have redundant internet but your mail relay is still just one machine, a big single point of failure, aside from power and network.
What I would do (and what we do) is we have 2 lvs load balancers (active/passive) that hand traffic to our 2 internal mail relays. so we can lose a load balancer and a mail relay without missing a beat. we then used the above as our backup mx in case power and or network go fubar.
and like the previous poster mentioned, there is a typical expiration on email
- Join Date
- Jan 2010
I understand what you mean here, and trust me after this weekend this failover setup will be changed. The reason for my urgency is we have a scheduled power outage in our building this Sunday and I'm hoping to set this up so that when the power goes out and cuts off email and mail1/2, that mail3 will just store up the mail and not send a return message. I say this because another power outage apparently happened before I got here, and when it went out the previous mail setup basically just rejected all mail and we had our CEO getting calls from clients asking if we were out of business. This is bad.
I'd rather just have all the mail accepted on mail3 for now and then relayed to their appropriate mailboxes when everything comes back up.
I'm finding out now that one of the reasons that mail was being rejected was because as soon as email and mail1/2 went down and mail3 took over, it would take in the message, compare the user to it's aliases list (which is synched from mail1/2).
Now our aliases list is basically:
This resolves the aliases for email@example.com to the email.mydomain.com server.
For some reason it would see that email is not available and then reject it.
My attempts right now are to run a slave DNS server on the mail3 to our local DNS server so this issue doesn't happen.
I'm not sure in this assumption at the moment.