[TriLUG] backup email server

Aaron S. Joyner aaron at joyner.ws
Sun Jun 20 10:47:29 EDT 2004


Tanner Lovelace wrote:

> Michael Hrivnak said the following on 6/20/04 12:00 AM:
>
>
>> mydomain = hrivnak.org
>> mydestination = $myhostname, localhost.$mydomain, localhost
>> relay_domains = $mydestination hrivnak.org
>> delay_warning_time = 24
>>
>> The rest are defaults.  I think this will make the machine relay mail 
>> to hrivnak.org.  Am I correct?
>
>
> Now, the other wrinkle here is that if the second mail server
> for some reason thinks it's the final destination for hrivnak.org
> it will try to deliver the items locally.  I've only ever used
> backup mail servers in other domains, so I'm not sure what
> switches to use to make sure it doesn't keep any mail locally
> that should be sent on.  Perhaps someone else can speak to that?
>
> Cheers,
> Tanner

To build on what Tanner has already said, you need Postfix *not* to see 
hrivnak.org as a local destination.  That's controlled in Postfix by 
mydestination=<blah>.  In your above configuration you have set up 
mydestination, and it appears to be quite acceptable.  As long as the 
hostname of the machine is not hrivnak.org (doubtful) then you should be 
in good shape.  There are a few other things to keep in mind, though.  
Does this machine do spam checking, or username validation?  Since 
hrivnak.org isn't going to be a very heavily traveled domain, you're not 
likely to attract the attention of spammers sufficiently to make this a 
problem, but...  be aware that with a secondary mail server that accepts 
mail for all usernames, it's entirely possible that I can fill the queue 
to ridiculous proportions simply by sending a lot of bogus mail, 
attempting to find out what's a valid address and what isn't.  Probably 
not much of a concern, but if it is look into the verify and 
relay_recipient_maps features.

You also asked about a few other things:

>The mail sits in queue I guess waiting 
>to be relayed.  How often does postfix attempt to relay it?  Do I have 
>control over this?  Does it ever give up?  Where exactly does the email sit?
>
If the message passes the relay checks (which you've allowed above with 
relay_domains), then it is accepted into Postfix just like a regular 
message, and abides by all of the regular message-processing routines.  
The message then gets dropped into /var/spool/postfix/active and 
delivery is attempted (it actually makes a short stop through 
postfix/incoming before it's accepted for relaying).  If delivery 
succeeds, well, it's gone.  But if your primary mail server isn't up 
for whatever reason, it gets dropped into the deferred queue.  
/var/spool/postfix/deferred contains the actual message itself, and 
/var/spool/postfix/defer contains the error message.  Under each of 
these directories is a set of subdirectories (active, defer, deferred, 
etc) labeled [0-9A-F], which corresponds to the first character of the 
message ID.  In a small mail system, you can do an ls -l defer*/*/* and 
see all of the messages that way.  On a larger mail system that 
segregation helps keep the directory sizes manageable, and doing a 
command like that can be a bit... output intensive.  :)  We often do a 
simple find command piped through wc -l, as a quick way to find the number 
of messages in each of the queues.

So does it ever give up?  :)  Yes, it does.  As controlled by 
maximal_queue_lifetime in main.cf.  You also already have found 
delay_warning_time, which will determine when the sender is notified 
that there was a delivery problem with the message.  You set it to 24h, 
which might be a bit high.  The default is 4h, and is fairly 
respectable.  Imagine that if someone sends you a message, they will 
presume you've gotten it, unless they are notified otherwise.  24 hours 
might be a bit long for them to be under that incorrect assumption, but 
that is entirely your choice.  One of the nice benefits of running your 
own mail system.  :)

Hopefully that has answered all of your questions.  Before I close this 
out I'll throw out one thing - test it manually.  It's rather easy to 
generate a test message by hand, to a mail server.  Connect from 
somewhere other than local host, so you know relaying is working, and 
send it a message by hand.  All you need to do is telnet to port 25, and 
the session will go something like this:

> Trying 24.167.140.251...
> Connected to mail.hrivnak.org.
> Escape character is '^]'.
> 220 hrivnak.org ESMTP Postfix
> ehlo joyner.ws
> 250-hrivnak.org
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250 8BITMIME
> mail from:<spamalicious at joyner.ws>
> 250 Ok
> rcpt to:<michael at hrivnak.org>
> 450 <michael at hrivnak.org>: Recipient address rejected: User unknown in 
> local recipient table
> mhrivnak at hrivnak.org
> 502 Error: command not implemented
> rcpt to:<mhrivnak at hrivnak.org>
> 250 Ok
> data
> 354 End data with <CR><LF>.<CR><LF>
> Subject: Test Message number 1
>
> Here it is!
> Aaron S. Joyner
>
> .
> 250 Ok: queued as 90CDE1ECA0A
> quit
> 221 Bye
> Connection closed by foreign host.


Everything that doesn't start with a number is a command I entered.  
Connect up to your secondary mail server, chat a message out to it, and 
see if it shows up in your inbox.  Then, once you're sure it works 
correctly, you can set up the DNS MX records to actually put it in "harm's 
way" of mail, so to speak.  :)

Best of luck with all of this,
Aaron S. Joyner

PS - Intrex does backup mail hosting for those interested in a 
commercially provided solution.  :)
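
The find-piped-through-wc count described in this message, extended with a threshold check on the deferred queue for the queue-filling concern it raises. This is an added example, not part of the original post; the function names, the limit and the sample spool tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Counts one file per message,
# the find | wc -l approach the post describes. On a live system point it
# at /var/spool/postfix as root; the limit of 2 below is an assumed value.

# queue_count SPOOL QUEUE: number of files under SPOOL/QUEUE (0 if absent).
# find recurses, so the [0-9A-F] hash subdirectories need no special handling.
queue_count() {
    if [ -d "$1/$2" ]; then
        find "$1/$2" -type f | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# queue_report SPOOL: one "queue count" line for each queue named in the post.
queue_report() {
    for q in incoming active deferred defer; do
        printf '%s %s\n' "$q" "$(queue_count "$1" "$q")"
    done
}

# deferred_over_limit SPOOL LIMIT: succeeds when the deferred queue holds
# more than LIMIT messages, e.g. a backlog of mail to nonexistent users.
deferred_over_limit() {
    [ "$(queue_count "$1" deferred)" -gt "$2" ]
}

# make_sample_spool: builds a constructed spool tree (empty files, made-up
# queue IDs) in a temp directory and prints its path.
make_sample_spool() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/incoming" "$root/active/9" "$root/deferred/9" \
        "$root/deferred/A" "$root/defer/9" "$root/defer/A"
    : > "$root/active/9/9F000000001"
    for id in 9AAAAAAAAAA 9BBBBBBBBBB A1CCCCCCCCC; do
        bucket=$(printf '%s' "$id" | cut -c1)
        : > "$root/deferred/$bucket/$id"
        : > "$root/defer/$bucket/$id"
    done
    echo "$root"
}

spool=$(make_sample_spool)
queue_report "$spool"
if deferred_over_limit "$spool" 2; then
    echo "WARNING: deferred queue is above the limit"
fi
rm -rf "$spool"
```

The script counts files rather than inspecting their timestamps or contents, so it says how many messages are waiting but not how long they have waited.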



