Find the answer to your Linux question:
Results 1 to 5 of 5
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Postfix MailRelay Setup confusion

    Hey guys,

    I've inhereted a setup for 2 Postfix servers and an Exchange server.
    I'll explain the setup first and maybe some of you Postfix Gurus can help me out here.

    We have an Exchange server at the moment which is named:
    It is not externally accessible.

    We then have a Postfix relay named: mail1 and mail2 (same server, two different interfaces on two different T1 providers... this is just in case either of those connections goes down).

    Currently our MX records are setup to have mail sent to first mail1 and if the fails mail2.
    So that catches the event that if one of our internet T1's go down.

    We then have a colocation server offsite (which at the moment isn't active), but it's named mail3. This offsite server is setup to connect to our internal network using OpenVPN. So it gets an OpenVPN internal IP.

    What we would like to setup for is a failover server so that in the event of a full site outage (power-wise). Meaning mail1, mail2 AND email (exchange server) is down, mail3 will be our catch all relay, and store up the incoming mail until our Exchange server comes back up.

    I'm trying to wrap my head around the best possible setup for this, so please let me know any guides or configuration options I should be aware of to make this happen.

    Thanks all!

  2. #2
    Oh yeah I should give some specs as to the system versions etc:

    email: Server 2003 with Exchange 2007
    mail1/2: Ubuntu Server 9.04 with Postfix 2.5.5
    mail3: Ubuntu Server 9.04 with Postfix 2.5.5 and OpenVPN 2.1-RC11

  3. #3
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    If I understand the setup correctly, then the postfix setup of mail3 should be more or less identical to mail1/2.
    The difference is, that openvpn provides the internal IP instead of a real interface like it is for mail1/2.

    Just one thought outside the technical box:
    If a mail cannot be sent to your site, because mail1/2 are down, the sending mailserver will keep it queued.
    Afaik, 4 days is the default maximum queuing time, before a error mail goes back to the sender.

    That would give you 4 days to get the machines up and running again.
    What good is this?
    It might be a legal advantage to say: "We never got that mail."

    In opposit to the scenario "mail3 running, site FUBAR":
    Here, the sending mailserver will log a "250 OK", proving you DID get that mail.
    But you are probably busy getting the site back and not caring about particular mails.

    What I am trying to say: You may loose reaction time here.

    It is hairsplitting, I know. But you seem to be very concerned about mails, so this is my 2 cents about it.
    Last edited by Irithori; 01-06-2010 at 09:27 PM.
    You must always face the curtain with a bow.

  4. $spacer_open
  5. #4
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    North Carolina
    this is what we use for our external backup mx - Services -- MailHop Backup MX

    very cheap.

    anyway, I would like to also point out that you have redundant internet but your mail relay is still just one machine, a big single point of failure, aside from power and network.

    What I would do (and what we do) is we have 2 lvs load balancers (active/passive) that hand traffic to our 2 internal mail relays. so we can lose a load balancer and a mail relay without missing a beat. we then used the above as our backup mx in case power and or network go fubar.

    and like the previous poster mentioned, there is a typical expiration on email

  6. #5
    I understand what you mean here, and trust me after this weekend this failover setup will be changed. The reason for my urgency is we have a scheduled power outage in our building this Sunday and I'm hoping to set this up so that when the power goes out and cuts off email and mail1/2, that mail3 will just store up the mail and not send a return message. I say this because another power outage apparently happened before I got here, and when it went out the previous mail setup basically just rejected all mail and we had our CEO getting calls from clients asking if we were out of business. This is bad.
    I'd rather just have all the mail accepted on mail3 for now and then relayed to their appropriate mailboxes when everything comes back up.

    I'm finding out now that one of the reasons that mail was being rejected was because as soon as email and mail1/2 went down and mail3 took over, it would take in the message, compare the user to it's aliases list (which is synched from mail1/2).
    Now our aliases list is basically:


    This resolves the aliases for to the server.

    For some reason it would see that email is not available and then reject it.

    My attempts right now are to run a slave DNS server on the mail3 to our local DNS server so this issue doesn't happen.
    I'm not sure in this assumption at the moment.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts