MX Backups and MTAs

Now, I know that backup MXes (or is that MX backups?) have become somewhat questionable in the eyes of many a mail administrator, mostly because it seems quite unlikely today that a primary MX can be allowed to stay offline for more than say 24 straight hours.
After all, they do have someone doing IT there, don't they?
And I couldn't agree more, but you know, some businesses still like to think along the blessed lines of better safe then sorry and not my fault, so, as a consequence, I recently had to install and configure a backup MX server.

I did my DNS homeworks for the given domains then, being a devoted Courier MTA altar boy, I just started out looking for some specific information on relaying I was missing, then proceeded to install the software and configure the service1.
Except that I had then to move on to Postfix: install, configure, and then move on again and finally successfully settle on Exim (4).

What happened, and no doubt that was my fault although timelines and budget were fixed so there was little time for extra-research, is that: a) Courier simply didn't relay at all b) Postfix did relay even what it shouldn't have 2 c) Exim just worked.

Things seemed so trivially easy. Courier's FAQ 3 simply stated that you needed

/etc/courier/locals:
backupmx.domain.com
/etc/courier/esmtpacceptmailfor:
domain.com

in your configuration to act as an MX backup for domain.com. One more line in esmtproutes was required if different MX backups happen to have the same priority.
Well, my Courier simply didn't want to behave. Even with the usual useful help from the guys in the courier-users mailing list all efforts were to no avail. Courier simply refused to relay mail. It was a no way José and time running short.
So enter Postfix, whose version of the above was 4 still fairly simple:

/etc/postfix/main.cf:
relay_domains = the.backed-up.domain.tld
smtpd_recipient_restrictions = permit_mynetworks
reject_unauth_destination

Guess what? All mail flew through splendidly.
What I ended up doing was spending three hours on the documentation, figuring out flow and directives precedence rules and everything, but whatever line I added, moved, removed, I just still had a perfect relay for Joe Spammer to use.

Firmly (stubbornly) set to have either one of these two monsters working, I tried Exim 4 just to see if I could gain some insight on the process. Well, it worked with its default configuration. Just worked. It refused to relay mail to non-hosted domains, it relayed appropriately the rest, and it queued messages when the primary MX was down, releasing them when it came back on.

If this says something, I think it says that studying and experimenting always pays off. Mh. Maybe I should have one more cup of coffee.

  • 1. This was all done on a clean, lean Debian Sarge server install
  • 2. And this can get very ugly very quickly. If you end up an open relay and, all ethical considerations apart, you pay what you transfer, well, kill the thing before it kills your wallet
  • 3. Don't trust my typing. Check the Courier MX backup FAQ entry yourself
  • 4. Again, check the Postfix MX backup FAQ entry, don't take my word for it
My Dad's portable Underwood

Big rock small rock

Information architecture, way-finding, user experience, and design.

Usability banzai

Title says it all. The Takeshi's Castle of web site usability

Life in the tech lane

I used to be a sysadmin, and I still rsync now and then.

Daglig Svenska

The undersea adventures of getting settled in Sweden. Just details from a very small picture.