On 6/9/2011 8:45 PM, Ben Kennedy wrote:
> Hey folks,
>
> Some of you may recall this discussion from last fall. I've got a
> problem, one that I guess my servers have exhibited for years, and I
> want to fix it.
>
> I have two machines, which I'll call "primary" and "secondary". They
> are both MX for a number of domains; primary has a lower priority number
> (i.e. is a first choice for delivery), and holds the canonical backing
> store (maildirs, POP3/IMAP service, etc). Secondary is designed to also
> accept mail for these domains, and shunt any it happens to receive (by
> virtue of esmtproutes) to primary. Both have mailbox configuration
> provided by authmysql from a local replicated MySQL database.
>
> In case primary goes down, secondary will continue to queue mail and, at
> my option, may be quickly switched into "primary behaviour" (to deliver
> locally and provide POP3/IMAP service) in the event that the original
> primary cannot be brought online in a timely fashion.
>
> I have used this pattern for several years now, with general success.
>
> The gaping hole, of course, is that the secondary will accept any mail
> for any mailbox on any of the domains. For domains with "alias@..."
> style catch-alls, this is fine. For the rest, it induces the primary
> into spewing out backscatter for any undeliverable addresses.
>
> As I said, both machines share the mailbox config, and therefore have
> the capability of knowing what is a legitimate address and what isn't.
> But on the secondary, which has empty hosteddomains and esmtproutes
> pointing to the primary, it never bothers to do an account lookup (it
> only looks at the domain).
>
> How do I fix this?

My solution to this problem is to take the secondary server offline. If the primary server goes down, the sending servers will queue the mail for you for a reasonable amount of time (generally at least 24 hours, although I think 3-5 days is most common). This should give you plenty of time to repair the primary server or activate the secondary as a temporary replacement.

Since mail is not being delivered while the primary server is down in either case, does it really matter whose queue the mail sits in? The only downside is that it will take longer for all of the queued mail to be delivered once the primary is back online, but I consider that to be an acceptable trade-off for not having to worry about synchronizing account lists or sending backscatter. After all, how frequently does your mail server crash?

You can leave the secondary MX record in place even if the server is offline. This will not have any negative side effects and may even help to reduce spam since spammers frequently try the lower-priority server first.

If you truly need to avoid any downtime, you might want to consider having two primary servers with shared storage for the mailboxes.

--
Bowie