[BlueOnyx:05272] Re: Secondary mail server

Ken - Precision Web Hosting, Inc kenlists at precisionweb.net
Fri Aug 20 12:48:36 -05 2010


----- Original Message ----- 
From: Chuck Tetlow

Well,

I can give one example.

Its not unusual for a mail server to get so busy that he tells a new 
connection to wait.  The mail server can tell a new connection to come back 
in XX number of minutes.  In fact, our SPAM appliance makes use of that very 
function to ward off the script kiddies.  But if you've got two MX records 
for a domain - the initiating server will just go to the secondary when the 
primary is too busy.

Even if the primary isn't overloaded - if the network connection is slightly 
slow and the initialing e-mail server can't make contact with the primary, 
it will use the secondary MX server.

I've seen both happen.  And it does result in mail on both servers.  A real 
PIA if you haven't configured the secondary server to forward to the 
primary.  Either that, or each of your customers have to check both servers 
for e-mail.  But now your log records are distributed onto both servers - 
makes troubleshooting a nightmare.

Take Chris's advise - use one server.



Chuck


---------- Original Message ----------- 
From: "Gary Sedgwick" <gary at symbion.co.uk>
To: "Chris Gebhardt - VIRTBIZ Internet" <cobaltfacts at virtbiz.com>
Cc: BlueOnyx General Mailing List <blueonyx at blueonyx.it>
Sent: Fri, 20 Aug 2010 15:44:29 +0100 (BST)
Subject: [BlueOnyx:05259] Re: Secondary mail server

> Hi Chris,
>
> Many thanks for all the info.  I'd appreaciate it though if you could
> explain what exactly would happen in the scenario I described, and why
> mail will "randomly" end up on each server.
>
> When I say the two boxes will be configured identically, I meant in terms
> of vsites/users.  The DNS would be unique for each though, with the high
> priority MX record pointing to the main mail server for each domain, and a
> lower priority MX record pointing to the server configured as "secondary
> mail server".  I'm hoping the mail would always end up at the primary
> server (and hence the mailboxes) in this scenario due to using the higher
> priority MX record, and only at the secondary server if the main one is
> unreachable.  The question is, what happens on the secondary server - does
> it queue up, or deliver to mailboxes, if vsites/users are set up as well
> as the secondary mail server setting?
>
> I've done a lot of investigation into various things like
> heartbeat/DRBD/pacemaker/haproxy/GFS/RHCS.  My feeling at the moment is
> that, for what I'm trying to achieve, heartbeat/pacemaker is just too
> complicated (to do correctly anyway i.e. with STONITH etc.), GFS is
> incompatible with BlueOnyx due to requirement for ext3, and DRBD is great
> but limited to primary/secondary without GFS or similar.  My requirements
> are that I need swift failover of Apache (hence haproxy and active/active
> type config), but only need to make sure mails are not lost (so
> active/passive type config, but with secondary mail server running to make
> sure mails aren't lost) in regards to e-mail.  I'm pretty confident this
> is the way I want to go, I'm just not sure about how the secondary mail
> server setting in BX interacts with already configured vsites/users.
>
> Gary
>
> > Hi Gary,
> > Be very, very careful with your configuration.  Long story short,
> > though, you can save yourself the trouble of setting up another box to
> > test with.
> >
> >> If two BlueOnyx environments are set up with the same domains/vsites 
> >> and
> >> users (but different IPs obviously), but I configure the Secondary Mail
> >> Server in one to point to the other, will that take precedence over the
> >> usual mailbox delivery on that particular server (in the case the other
> >> one is down)?
> >
> > This is NOT how it works.  If you just configure 2 BX boxes, then they
> > will both just assume that they are authoritative for the domain.  You
> > can configure one as a primary and one as a secondary MX if you want,
> > but that won't really do what you're thinking it will, either.  What
> > you'll wind up with is mail "randomly" ending up on one box or the 
> > other.
> >
> >> I'm thinking about loading two servers from the same
> >> cmuexport, and using them for load balanced web serving, but just 
> >> having
> >> mail delivered to one box with the other available as a backup mail
> >> server
> >
> > Save yourself time and trouble.  Don't do it.  Rather than putting up 2
> > servers for "load balanced web serving", just put up one server that's
> > robust enough to handle the load.  If the site is busy / important, make
> > sure you're not hanging a monster server off a DSL or T1 line and put it
> >   with a facility that is robust enough to support the traffic.   It
> > always amuses me when folks put in monster dual-quad core servers with
> > 12GB RAM so they can do their own server on a DSL line.  Whoops!
> >
> > But back to point, what will wind up happening, again, is that you'll
> > have email going "randomly" to both servers that you've set up.   In
> > addition, assuming you're using round-robin DNS to resolve your WWW to
> > either server, you're going to have inconsistent logging, sessions that
> > don't carry across and databases that are not synced up.
> >
> > If you want to use 2 servers for redundancy, then configure them in a
> > cluster.  Aventurin{e} makes this drop-dead simple.  Or you could roll
> > your own cluster using Linux heartbeat clustering, some rsync and some
> > MySQL replication.   I've worked both ways.  For my time and money,
> > Aventurin{e} is the way to go.  You just set it up and it works.
> >
> >> - I'm guessing sendmail will end up with configuration for the vsites 
> >> as
> >> well as the secondary mail server, but in the event of the main server
> >> failing will mail queue up waiting to be delivered to the main server
> >> (as
> >> I'm hoping), or will it be delivered to the redundant mailboxes on the
> >> secondary server?
> >
> > Yes, I can see how you'd guess this but it isn't at all the way it will
> > work out.   Just setting up another server with an identical
> > configuration will not give you the redundancy you're looking for.  It
> > will give you headaches and heartbreak.
> >
> > So by now you're asking "so what's that secondary mailserver box for if
> > it doesn't do what I want?"   Ah.   Happy to explain.
> >
> > What it's there for is in the event that you want to set up a secondary
> > server that will queue your inbound email in the event that your primary
> > system goes offline.  The idea would be that the secondary box will
> > accept the email then queue it for delivery to your primary system as
> > soon as it becomes available again.  That way nobody loses email during,
> > say, a reboot or when the DSL line you're hosting your dual-quad
> > mega-RAM, RAID-10 box peters out on you only to return whenever the
> > telco gets around to it.   :)
> >
> > I hope that helps sort it out for you.
> >
> > -- 
> > Chris Gebhardt
> > VIRTBIZ Internet Services
> > Access, Web Hosting, Colocation, Dedicated
> > www.virtbiz.com | toll-free (866) 4 VIRTBIZ
> >
>
>

In the past I've set up a mail server that would scan email and forward to 
the primary. Then on that server I have graylisting set up for those people 
who want more protection and don't mind the delay.


The script I used to add each domain to the /etc/mail/access  and 
mailertable was

#!/usr/bin/perl
#set up relay and mailertable for extra spam filtering

print "Domain name to relay for - without the www .............. ";
$domainname = <STDIN>;
$domainname  =~ s/ //g;
$domainname  =~ s/www\.//g;
chomp ($domainname);
$domainname =  lc ($domainname);

$hostname = "www";

#To:clientdomain.com    RELAY

$thecat = `cat /etc/mail/access`;

if ( $thecat =~ /$domainname/ ) {
print "I already see this domain in the  /etc/mail/access.  exit. \n";
exit;
}
print "\n add the domain to the /etc/mail/access  file\n";
open(ACCESSFIL,">>/etc/mail/access");
print ACCESSFIL "To:$hostname.$domainname\tRELAY\n";
print ACCESSFIL "To:$domainname\tRELAY\n";
close(ACCESSFIL);


print "\n add the domain to the /etc/mail/mailertable  file\n";
open(ACCESSFIL,">>/etc/mail/mailertable");
print ACCESSFIL "$domainname\tSMTP:[mail.$domainname]\n";
print ACCESSFIL "$hostname.$domainname\tSMTP:[mail.$domainname]\n";
close(ACCESSFIL);


print "makemap hash /etc/mail/mailertable < /etc/mail/mailertable \n";
system ("makemap hash /etc/mail/mailertable < /etc/mail/mailertable");

print "makemap hash /etc/mail/access.db < /etc/mail/access \n";
system ("makemap hash /etc/mail/access.db < /etc/mail/access");




----
Ken M
Precision Web Hosting, Inc.
http://www.precisionweb.net






More information about the Blueonyx mailing list