Backup MX server

All other technical assistance queries (General technical issues, IPv6. P2P, News groups, etc)
Post Reply
User avatar
Mort
Posts: 394
Joined: Sun Jan 23, 2005 3:04 pm
Location: Sydney
Contact:

Backup MX server

Post by Mort » Fri Apr 20, 2012 5:08 pm

Greetings,

I run my own mail server at home, and this has been pretty solid for the entire time I've been with Exetel. At most I think there was a 1/2 day outage. However I've been thinking it would be good to look at a backupMX for occasions where my service might be out of action.

I was just thinking about this last week, and of course this week my ADSL service decided to fail :(

I don't want a full hosted email service, I'm just looking for a backupMX to act as a store-forward in the event my primary MX server is unavailable. Is this something I can get setup with Exetel? I already have my own hosted DNS and I can create another MX record to point to another server that is properly configured.

Is this something Exetel can help me with?
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

User avatar
shoner
Posts: 756
Joined: Mon Apr 20, 2009 2:50 pm

Re: Backup MX server

Post by shoner » Fri Apr 20, 2012 7:28 pm

Mort wrote:Greetings,

I run my own mail server at home, and this has been pretty solid for the entire time I've been with Exetel. At most I think there was a 1/2 day outage. However I've been thinking it would be good to look at a backupMX for occasions where my service might be out of action.

I was just thinking about this last week, and of course this week my ADSL service decided to fail :(

I don't want a full hosted email service, I'm just looking for a backupMX to act as a store-forward in the event my primary MX server is unavailable. Is this something I can get setup with Exetel? I already have my own hosted DNS and I can create another MX record to point to another server that is properly configured.

Is this something Exetel can help me with?
Can you please PM me your service details.
"Helping Making a Better World"

Log a fault ticket Here
or call Exetel VOIP numbers (02) 8030 1000 or 1300 788 141 (log faults 24x7)
Exetel Support Portal

User avatar
Mort
Posts: 394
Joined: Sun Jan 23, 2005 3:04 pm
Location: Sydney
Contact:

Re: Backup MX server

Post by Mort » Fri Apr 20, 2012 8:50 pm

not sure how my service number helps, but PM has been sent.

Thanks
Scott.
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

User avatar
jokiin
Volunteer Site Admin
Posts: 2970
Joined: Mon Feb 02, 2004 10:23 pm
Location: Sydney

Re: Backup MX server

Post by jokiin » Sat Apr 21, 2012 3:36 pm

the quote below is from the server distro I use (SME server) but I think it's valid regardless of which distro you're using for self hosted mail, maybe food for thought before you go adding a backup mx


Secondary/Backup Mail Server Considerations

Many people misunderstand the issues of using a secondary or backup mail server (backup MX) to hold your mail before it gets delivered to your SME Server. If you consider putting a backup mail server in place because you are concerned about lost mail because your internet connection may occasionally drop out, think again and consider the issues discussed below.
What is Backup MX

A backup MX is a system whereby through your DNS records you tell other servers on the internet that in order to deliver mail to your domain they first need to try the primary MX record and if they fail to connect they can try to connect to one or more of your listed backup or secondary mail servers. See also http://en.wikipedia.org/wiki/MX_record
The process of delivering email to your SME Server

So lets look at how mail gets delivered without and with a backup mx when your Internet link, ISP or server is down.
Without a backup MX

The sending mail server cannot connect to your server.
The sending mail server MUST queue the mail and try again later.
The mail stays on the sender's server.
The sender's server resends the mail at a later date.

The requirement to re-queue is a fundamental part of the SMTP protocol - it is not optional. So, if your server is offline due to a link or ISP outage, the mail just stays at the sender's server until you are once again reachable.
With a backup MX

The sending mail server cannot contact your server.
The sending mail server sends the mail to your secondary MX.
The secondary MX queues the mail until your link/server is up.
The mail is queued on an untrusted third-party mail server (think about confidential mail between your company and some business partner).
The sending mail server's administrator thinks it has been delivered, according to their logs.
You have no, or little, visibility over the queued mail.
When your link comes up, the secondary MX sends the mail on to your server.
You have added more hops, more systems and more delay to the process.

If you think that a backup MX will protect against broken mail servers which don't re-queue, you can't. Those servers will drop mail on the floor at random times, for example when their Internet link is down.

Those servers are also highly likely to never try your backup MX.

Thankfully those servers are mostly gone from the Internet, but adding a secondary MX doesn't really improve the chances that they won't drop mail destined for your server on the floor.
Backup MX and SPAM Filtering

On top of the issue, indicated above, there is another issue to consider and that is what happens with SPAM due to the use of a Backup MX.

Your SME Server takes care of filtering a lot of SPAM by checking on the full username & domain at the time it is received.

For example if your server hosts example.com and someone sends mail to joeuser@example.com, the server will only accept the mail if joeuser is a local user/alias/group/pseudonym on the server. Otherwise, the mail is rejected during the SMTP transaction.

A backup mail server however, generally does not have a full list of users against which it can check if it should accept the mail for the given domain. Hence it will accept mail for invalid users.

So:

If you trust the secondary MX, you will accept a lot of SPAM when the link comes up.
If you don't trust it, you will cause a lot of SPAM backscatter as the mail has been accepted at the secondary MX and then later bounced by you.
Stopping backscatter is why SME Server rejects invalid addresses during the initial SMTP transaction.

The SPAM backscatter can only be stopped if the secondary MX has a full list of users for your domain to allow filtering to occur.

But:

You need to be able to configure this secondary MX with such user/domain lists
You need to maintain these secondary configurations when users are added/deleted from your primary server configuration
You need to test (regularly) if the secondary is successfully accepting/rejecting mail as required.

Quite a few sites have lost lots of mail through misconfigured backup MX servers. Unfortunately, the time when you find out they are misconfigured is when you go to use them, and then you find that the backup MX has changed configuration and bounced all of your mail.

Then you realise that this mail could have queued at the sender's site if there hadn't been a broken secondary MX bouncing the mail for you.

If you bounce mail at your server, you have logs to show what's wrong.
If your secondary MX bounces your mail, you usually have no way to determine what happened other than via reports from the original senders that your mail bounced.

Summary

In summary, if your server/Internet connection is available most (let's say >90%) of the time, you are generally better off without a secondary MX.

If your server/link is down more than this (e.g. dialup), you should not be delivering mail directly to your server.

If you still want to consider setting up a seconday MX, ensure that:

you have fully control of the configuration of each of the email gateways for your domain
each gateway can make decisions on whether to accept/reject mail for the users at the domain

User avatar
Mort
Posts: 394
Joined: Sun Jan 23, 2005 3:04 pm
Location: Sydney
Contact:

Re: Backup MX server

Post by Mort » Sat Apr 21, 2012 6:35 pm

Thanks jokiin,

I am aware of all of the pros and cons of having a backup mx. Some of the items listed there are not really "fair" arguments and seem like they are from someone who has a personal grudge against backup MX or something.

I know about the issues around SPAM, and the possible options that can be used to reduce it. I host my own email on Exchange, partly because it gives me greater control for my 4 domains, means I'm not limited by how many "hosted" email addresses I can have, but it is also a "learning" tool for me. I am an IT consultant and Exchange is one of the products I work with, so running my own in a production capacity give me certain experiences from an operational sense that you don't get by going into clients, installing, and walking away.

For the most part I was just trying to find out if an offering was even available, and at what price. I think the backup MX Exetel offering might be what I'm looking for, but I don't understand why it is listed as "unlimited email addresses" as that should be irrelevant to a store-forward backup MX server. If that means "unlimited domains" then that would make more sense. As it stands I am still waiting to find out if $50/year is per domain or not.

I've not really needed to think about it over the last 7 years I've been with Exetel, but my current outage is the longest I've experienced, and there is currently no expected time before it is resolved. *That* is a concern as while sending servers will hold onto mail and attempt redelivery for a time, usually that doesn't mean 5 days, and that is where a backup MX would come in handy.

In this case, what would be ideal is that I can configure my MX records to have a pointer to the Exetel backup MX, but I only enable the backup when needed for extended periods of time. I'm not running a big business or anything so an outage of 1/2 a day wouldn't be an issue, but if I knew it was going to be down any longer I could just enable the backup and at least ensure mail isn't NDR'd.

What is interesting in that article though is the use of backupmx and secondarymx interchangeably. They are "similar" in purpose, but both terms means different things and not necessarily the same thing.
As we know, there are known knowns. There are things we know we know. We also know there are known unknowns. That is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don't know we don't know.

ShaminG
Exetel Staff
Posts: 960
Joined: Wed Jan 06, 2010 10:11 am
Location: Sydney, Australia

Re: Backup MX server

Post by ShaminG » Mon Apr 23, 2012 2:42 pm

For the most part I was just trying to find out if an offering was even available, and at what price. I think the backup MX Exetel offering might be what I'm looking for, but I don't understand why it is listed as "unlimited email addresses" as that should be irrelevant to a store-forward backup MX server. If that means "unlimited domains" then that would make more sense. As it stands I am still waiting to find out if $50/year is per domain or not.
Yes, it's $ 50.00 per annum for the secondary email hosting service. It's per domain and not for unlimited domains :).

https://www.exetel.com.au/members/web_s ... r_form.php

Post Reply