[TriLUG] backup email server
Aaron S. Joyner
aaron at joyner.ws
Sun Jun 20 10:47:29 EDT 2004
Tanner Lovelace wrote:
> Michael Hrivnak said the following on 6/20/04 12:00 AM:
>
>
>> mydomain = hrivnak.org
>> mydestination = $myhostname, localhost.$mydomain, localhost
>> relay_domains = $mydestination hrivnak.org
>> delay_warning_time = 24
>>
>> The rest are defaults. I think this will make the machine relay mail
>> to hrivnak.org. Am I correct?
>
>
> Now, the other wrinkle here is that if the second mail server
> for some reason thinks its the final destination for hrivnak.org
> it will try to deliver the items locally. I've only ever used
> backup mail servers in other domains, so I'm not sure what
> switches to use to make sure it doesn't keep any mail locally
> that should be sent on. Perhaps someone else can speak to that?
>
> Cheers,
> Tanner
To build on what Tanner has already said, you need Postfix *not* to see
hrivnak.org as a local destination. That's controlled in Postfix by
mydestination=<blah>. In your above configuration you have setup
mydestination, and it appears to be quite acceptable. As long as the
hostname of the machine is not hvirnak.org (doubtful) then you should be
in good shape. There are a few other things to keep in mind, though.
Does this machine to spam checking, or username validation? Since
hrivnak.org isn't going to be a very heavily traveled domain, you're not
likely to attract the attention of spammers sufficiently to make this a
problem, but... be aware that with a secondary mail server that accepts
mail for all usernames, it's entirely possible that I can fill the queue
to ridiculous proportions simply by sending a lot of bogus mail,
attempting to find out what's a valid address and what isn't. Probably
not much of a concern, but if it is look into the verify and
relay_recipient_maps features.
You also asked about a few other things:
>The mail sits in Que I guess waiting
>to be relayed. How often does postfix attempt to relay it? Do I have
>control over this? Does it ever give up? Where exactly does the email sit?
>
If the message passes the relay checks (which you've allowed above with
relay_domains), then it is accepted into Postfix just like a regular
message, and abides by all of the regular message-processing routines.
The message then gets dropped into /var/spool/postfix/active and
delivery is attempted (it actually makes a short stop through
postfix/incoming before it's accepted for relaying). If delivery
succeeds, well, it's gone. But if you're primary mail server isn't up
for what ever reason, it gets dropped into the deferred queue.
/var/spool/postfix/deferred contains the actual message itself, and
/var/spool/postfix/defer contains the error message. Under each of
these directories is a set of subdirectories (active, defer, deffered,
etc) labeled [0-9A-F], which corresponds to the first character of the
message ID. In a small mail system, you can do an ls -l defer*/*/* and
see all of the messages that way. On a larger mail system that
segregation helps keep the directory sizes manageable, and doing a
command like that can be a bit... output intensive. :) We often do a
simple find command piped through wc -l, as quick way to find the number
of messages in each of the queues.
So does it ever give up? :) Yes, it does. As controlled by
maximal_queue_lifetime in main.cf. You also already have found
delay_warning_time, which will determine when the sender is notified
that there was a delivery problem with the message. You set it to 24h,
which might be a bit high. The default is 4h, and is fairly
respectable. Imagine that if someone sends you a message, they will
presume you've gotten it, unless they are notified otherwise. 24 hours
might be a bit long for them to be under that incorrect assumption, but
that is entirely your choice. One of the nice benefits of running your
own mail system. :)
Hopefully that has answered all of your questions. Before I close this
out I'll throw out one thing - test it manually. It's rather easy to
generate a test message by hand, to a mail server. Connect from
somewhere other than local host, so you know relaying is working, and
send it a message by hand. All you need to do it telnet to port 25, and
the session will go something like this:
> Trying 24.167.140.251...
> Connected to mail.hrivnak.org.
> Escape character is '^]'.
> 220 hrivnak.org ESMTP Postfix
> ehlo joyner.ws
> 250-hrivnak.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
> mail from:<spamalicious at joyner.ws>
> 250 Ok
> rcpt to:<michael at hrivnak.org>
> 450 <michael at hrivnak.org>: Recipient address rejected: User unknown in
> local recipient table
> mhrivnak at hrivnak.org
> 502 Error: command not implemented
> rcpt to:<mhrivnak at hrivnak.org>
> 250 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> Subject: Test Message number 1
>
> Here it is!
> Aaron S. Joyner
>
> .
> 250 Ok: queued as 90CDE1ECA0A
> quit
> 221 Bye
> Connection closed by foreign host.
Everything that doesn't start with a number is a command I entered.
Connect up to your secondary mail server, chat a message out to it, and
see if it shows up in your inbox. Then, once you're sure it works
correctly, you can setup the DNS MX records to actually put it in "harms
way" of mail, so to speak. :)
Best of luck with all of this,
Aaron S. Joyner
PS - Intrex does backup mail hosting for those interested in a
commercially provided solution. :)
More information about the TriLUG
mailing list