Best setup of MX backup, DNS question.

Discussion in 'Installation/Configuration' started by neumann, Jan 15, 2023.

  1. neumann

    neumann Member

    I'm not sure if this question is better put in another place than installing/configuring Linux OS. But please feel free to move it accordingly.

    Here is the background for the question:
    I have 2 servers (not in multiserver configuration, because I didn't feel comfortable doing so).
    The 2 servers are in 2 different locations (one at my home and one at my summer-cottage). They are both running ispc 3.2.9 but the primary (at home) is on ubuntu 22.04lts and the secondary (at my cottage) is running ubuntu 18.04 desktop.
    I use a third party free DNS provider (dns.services) to setup my authoritative DNS.

    But I want to setup a backup mx, so that when my primary is offline, mails will still be queued at the secondary server, and delivered when the primary gets back online.
    The servers are named:
    freja.bnjpro.dk (primary)
    server2.detlillehus.info (secondary)
    I have the impression that I should setup two mx records at the primary, one to point at my primary (up and running and works), and one that points to my secondary with a higher priority number.

    mx bnjpro 10 freja.bnjpro.dk
    mx bnjpro 20 server2.detlillehus.info

    But what else should I setup? Shouldn't I setup something on the secondary server's DNS, to let it know that it is responsible for mail when the primary is offline? What records should be setup for that to work? Do I need an A record or a MX record or both?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Configure both hosts as e-mail servers with the same e-mail domains and mailboxes. Those two MX lines are sufficient for DNS name service.
    However, you need to configure synchronization between the two e-mail servers, so whichever host receives an e-mail it is copied to the other. Same with users connecting to servers, when they read, delete or mark messages those actions must be copied to the other server.
    There is tutorial for ISPConfig multiserver setup, so you see what kinds of things need to be set up. Your system is two separate servers, so that does not work for you.
    https://www.howtoforge.com/tutorial/ispconfig-multiserver-setup-debian-ubuntu/
     
    ahrasis likes this.
  3. neumann

    neumann Member

    Ok I will take a look at the link you provided.
    By the way, the secondary server will only be for email backup. It has no mailboxes or email-customers attached.
     
  4. michelangelo

    michelangelo Active Member

    In that case I would give up on the idea to have a backup mx server.
    If emails can't be delivered to your primary MX then they will be returned to the sending server to its local queue and the sending server will retry delivery at certain time intervals.
     
    ahrasis likes this.
  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    true... but that also all depends on how long the sending mailserver is configured to retry for before sending an NDR to the sender.
    not an issue if the primary mailserver is only unavailable for a short period, but if there's a major problem and the primary mailserver will be unavailable for an extended period, it may still be worth having the backup mx server, even without mailboxes configured, as long as it knows about the domains it's responsible for, it can still be used as a simple store-and-forward backup mx server.
    the mails won't be available until the primary is back online, but at least they won't be lost/missed..
    might want to create an autoresponder on the backup mx server to let senders know that the mail is received, but there may be a long delay until it actually gets read.... which would be the harder part to configure.
     
  6. michelangelo

    michelangelo Active Member

    I kinda agree but also disagree.

    Pure backup mx are mostly crap, period, because:
    You need the knowledge to configure it correctly. The backup mx needs to know about all mailboxes that exist on the primary and it needs to be configured in the way that the emails are automatically forwarded to the primary once it is reachable again. One wants to accept emails for mailboxes that don't exist on the primary system (simple store-and-forward backup mx server)? Might be okay for a private mailsystem, but if you are hosting customers then one will cause with such setup more harm than it would help. I still wouldn't recommend such a setup also for private purposes, but if one wants it that way, okay...

    A master-master replication mailsetup would make way more sense if one needs the redundancy, but if that is considered an overkill, then I would just give up the whole idea and live only with one MX/mailserver. The sending server has also a queue and if that queue is configured with a short lifetime then it is probably just a mass-sending mailsystem, i.e. newsletter provider. The sender will also always be notified that the email could not be delivered and eventually expired and can resend that email at a later point of time or get in contact with the recipient in a different way.
     
    ahrasis likes this.
  7. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    completely agree with you.. it's not something i would bother configuring... just pointing out an alternative option for the OP which is actually closer to what he originally requested.. entirely up to each server admin whether or not it's worth all the effort/hassle/spam.
     
  8. neumann

    neumann Member

    I'll leave as it is. It is only for private purposes and family members and friends.

    I had just got the impression that all the catching of mails would happen automatically if one had 2 servers and the priority was set to a low number for the master and a higher number for the "catcher".

    I clearly don't know enough to try to go any further. :)
     
  9. ConradAlexander

    ConradAlexander New Member

    In summary, to set up a backup MX server, you should:

    Configure your secondary server to act as a backup MX server.
    Set up an MX record on your secondary DNS that points to your secondary server.
    Add an A record on your primary DNS that points to your secondary server's IP address.
    Configure your secondary server to periodically check if the primary server is back online and deliver any queued messages when it is.
     
  10. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    not quite..


    yes.
    no. setup an MX record for the backup mailserver on both main and secondary dns **
    no. again.. the A record should be created on both main and secondary dns servers. *
    this should be configured already as a normal part of postfix installation.. for a standard backup (store and forward) mx server, the important changes to make in main.cf are to ensure the domain name is not included as part of the mydomain line (to ensure it doesn't try to deliver mail locally), that the relay_domains line lists every domain for which the server should act as a backup mx server for, and that maximal_queue_lifetime is set to a high enough value (default 5d (5 days)) to cover however long the primary mx server is likely to be unavailable for. (maximal_queue_lifetime is unlikely to be in the config by default and would need to be added.)


    * remember for MX records, lower value numbers are higher priority. ie 0 will be higher priority than 10. mailservers should always attempt to connect to the highest priority MX server first. also note that when you have multiple mailservers, spammers will often deliberately target sending mail to the lower priority (backup) mx server in the expectation that it will have lower protection ( security, spam / virus checking, oversight/monitoring) than the primary mailservers.

    ** if using ispconfig server mirroring for dns servers.. or if bind is correctly configured for master / slave replication creating the dns record on the primary dns server should lead to automatic creation of the record on the mirrored / slave (secondary) dns servers.
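
An added example, not part of any post in this thread: a small audit of a backup MX's main.cf for the points raised above (the relayed domain must not be delivered locally, which Postfix controls through `mydestination`; `relay_domains`; `maximal_queue_lifetime`; and whether the backup knows the primary's valid recipients). Both configurations are constructed samples, the `relay_recipients` path is an assumed file name, and the check assumes domains are listed literally rather than through lookup tables.

```python
import re

# Constructed sample: backup MX that would deliver locally and accept any recipient.
WEAK_MAIN_CF = """\
myhostname = server2.detlillehus.info
mydestination = $myhostname, localhost, bnjpro.dk
relay_domains = bnjpro.dk
maximal_queue_lifetime = 5d
"""
# Constructed sample: store-and-forward backup MX with recipient validation.
HARDENED_MAIN_CF = """\
myhostname = server2.detlillehus.info
mydestination = $myhostname, localhost
relay_domains =
    bnjpro.dk
relay_recipient_maps = hash:/etc/postfix/relay_recipients
maximal_queue_lifetime = 10d
"""

def parse_main_cf(text):
    """Parse main.cf text into {name: value}, joining continuation lines."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                          # blank line or comment
        if line[0].isspace() and last:        # leading whitespace continues the previous line
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value              # a later definition overrides an earlier one
    return params

def audit_backup_mx(text, domain):
    """Return findings for `domain` on a store-and-forward backup MX."""
    p = parse_main_cf(text)
    items = lambda name: [v for v in re.split(r"[,\s]+", p.get(name, "")) if v]
    findings = []
    if domain in items("mydestination"):
        findings.append("mydestination lists the domain: mail is delivered locally, not queued")
    if domain not in items("relay_domains"):
        findings.append("relay_domains does not list the domain: mail for it is not relayed")
    if not items("relay_recipient_maps"):
        findings.append("relay_recipient_maps unset: unknown recipients are accepted, then bounced")
    if "maximal_queue_lifetime" not in p:
        findings.append("maximal_queue_lifetime not set: Postfix default of 5d applies")
    return findings
```

`audit_backup_mx(WEAK_MAIN_CF, "bnjpro.dk")` reports the local-delivery and missing recipient-map findings; the hardened sample returns an empty list.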
     
