Date: Sun, 26 Sep 2004 14:32:11 -0400 From: Bill Moran <wmoran@potentialtech.com> To: Eric Crist <ecrist@secure-computing.net> Cc: freebsd-questions@freebsd.org Subject: Re: Backup Mail Server Questions Message-ID: <20040926143211.02d40949.wmoran@potentialtech.com> In-Reply-To: <493F1EDF-0FE0-11D9-A586-000D9333E43C@secure-computing.net> References: <493F1EDF-0FE0-11D9-A586-000D9333E43C@secure-computing.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Eric Crist <ecrist@secure-computing.net> wrote: > Hello list, > > I was wondering if anyone has any insight as to having a remote backup > mail server and the setup of such. I'm currently using sendmail, and I > don't want to change that, so please don't recommend any of the other > servers out there. ;) > > One of my friends needs backup DNS/Mail in the even their connection > goes down. How do I go about setting it up so that his user base > (about 80 users) will not see any problems in mail transmission and > reception if their primary servers go offline. I would like mine to > automatically pickup the slack. I'm going to go out on a limb and input my extremely biased opinion. First off, what does setting up backup DNS/mail gain the end user? Unless you have mirrors on radically different networks, of things like WWW and mail, backup DNS doesn't really accomplish anything. If the net connection goes down, you're offline anyway, so who cares if DNS still works? Backup SMTP is even more difficult to justify. The SMTP standard has transient failure recovery built into it, so if your net connection is down for an hour or so, mail delivery will resume when the connection comes back up. If you set up a backup MX on a different network and your primary MX goes down, end users can't get to their mail anyway, since their POP/IMAP boxes are not configured on the backup server. Backup SMTP is a complicated and expensive thing to get working correctly. You can't set up secondary POP/IMAP boxes on the backup, because then you'd have to have everyone check both. This creates two single points of failure (which is worse than a single single point of failure) You could have mail delivered to both the backup and the primary, but then how does the backup know when the user deletes mail from the primary, or vice-versa? Simple fact of the matter is that the only way for 100% reliable mail delivery is to have a single point where the mail gets delivered to. You'd probably be better off setting up a redundant Internet connection, if mail is that important to this customer, and they get the additional benefit that that creates as a bonus. Additionally, for mail to work smoothly, the backup MX needs to have an updated user list from the primary at all times. It also needs to have the same spam/virus filtering setup as the primary MX or spammers _WILL_ use your backup MX to bypass spam controls. If you don't do these correctly, you will have problems with junk mail, as well as generate collateral spam and piss off other mail admins. (I've seen a badly configured backup SMTP system bring a small ISP to its knees) Now that I've been all doom and gloom ... 1) Ensure that the benefit of backup SMTP/DNS for this customer is really justified. 2) Make sure the backup MX has all the same filtering as the primary. Otherwise, spammers WILL QUICKLY learn to relay their spam through the backup. In fact, many spammers try the MXs in reverse order on the assumption that only the primary has properly maintained junk mail controls. 3) Make sure you have a system to replicate the user list from the primary to the backup, so the backup doesn't accept undeliverable mail. I've done this as simply as a cron job with rsync, but fancy stuff like SQL databases and LDAP are possible as well. -- Bill Moran Potential Technologies http://www.potentialtech.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040926143211.02d40949.wmoran>