Date: Sun, 26 Sep 2004 19:45:12 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Eric Crist <ecrist@secure-computing.net> Cc: freebsd-questions@freebsd.org Subject: Re: Backup Mail Server Questions Message-ID: <20040926184512.GA48082@happy-idiot-talk.infracaninophile.co.uk> In-Reply-To: <493F1EDF-0FE0-11D9-A586-000D9333E43C@secure-computing.net> References: <493F1EDF-0FE0-11D9-A586-000D9333E43C@secure-computing.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--zYM0uCDKw75PZbzx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, Sep 26, 2004 at 12:19:56PM -0500, Eric Crist wrote:
> I was wondering if anyone has any insight as to having a remote backup=20
> mail server and the setup of such. I'm currently using sendmail, and I=
=20
> don't want to change that, so please don't recommend any of the other=20
> servers out there. ;)
>=20
> One of my friends needs backup DNS/Mail in the even their connection=20
> goes down. How do I go about setting it up so that his user base=20
> (about 80 users) will not see any problems in mail transmission and=20
> reception if their primary servers go offline. I would like mine to=20
> automatically pickup the slack.
>=20
> Thanks for your replies!
Actually, it's pretty simple. Starting with the more fundamental
things: to provide a backup DNS, configure a server to secondary for
your friends domains. Under Bind9 that means something like this in
named.conf:
zone "yourfriend.com" {
type slave;
masters {
dns0.yourfriend.com;
};
file "s/yourfriend.com";
allow-query {
any;
};
allow-transfer {
none;
};
};
If you want that to be available to the world in general (which you
usually do, for a mail server) then you need to get your friend to do
two things: add a NS record for your server to the "yourfriend.com"
zone file and alter the registration of the domain so that your server
is listed as one of the registered name servers for the domain. Your
friend should also check and make sure that his nameserver has
appropriate 'allow-transfer' statements so that your server can AXFR a
copy of the zone from it.
That's the hard part. The Secondary MX'ing part is fairly easy. All
you do is get your friend to add an MX record to the DNS
'yourfriend.com' zone listing your server as a high numbered MXer:
$ORIGIN yourfriend.com.
@ IN MX 0 smtp.yourfriend.com.
10 smtp2.yourfriend.com.
30 smtp.you.com.
And then add:
yourfriend.com RELAY
to /etc/mail/access and rebuild access.db. That means your machine
will accept e-mails addressed to users @yourfriend.com and queue them
up for relaying onto to his servers as soon as they come back up
again. If his site has to go down for an extended length of time, you
can make special arrangements to store incoming mail for longer than
the usual 5 days and then flush it over to him when he comes back up.
Recommended reading:
The Bat Book: Sendmail, Bryan Costales and Eric Allman, O'Reilly & Ass=
oc.=20
3rd Ed. 2002. http://www.oreilly.com/catalog/sendmail3/index.html
The Cricket Book: DNS and BIND, Paul Ablitz and Cricket Liu,
O'Reilly & Assoc. 4th Ed. 2001. http://www.oreilly.com/catalog/dns4/
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
--zYM0uCDKw75PZbzx
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFBVw44iD657aJF7eIRAkosAJ97Z2xozKkg+Mn5uOpyvliOhUOhhQCfeqjG
+A2h4PQgp91XlQFm+nKpnCQ=
=e/Q0
-----END PGP SIGNATURE-----
--zYM0uCDKw75PZbzx--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040926184512.GA48082>