On Tue, Jul 11, 2006 at 04:00:05PM -0400, Steve Campbell wrote:
> >In the current internet, there isn't any point in having a secondary
> >MX just for the purpose of fallback, if your primary server is mostly
> >up.
>
> My boss is afraid of losing the secondaries. He feels that if these
> tempfail due to the primary being down, the secondary would hold them and
> we could flush the queue to deliver them faster and with control of it in
> our hands.

No, the secondary would tempfail too, so you end up NOT accepting the email on the secondary. Try it.

I feared the need for a secondary would be boss-induced :) It's now your job to educate the boss. The options are simple: fallback MX, as you described, is practically useless, especially in the "tempfail when primary is down" scenario. Legitimate senders will retry anyway, within a reasonable amount of time, and really crappy "legitimate" bulk senders won't retry even after a proper 4xx tempfail (like yahoogroups, or so I'm told).

If you really want to build a redundant mail server, there is a lot more to it than just slapping a secondary MX in your DNS. You can either buy a box that's redundant all the way, for example one of the SUN or HP boxes - multiple CPUs, multiple power supplies, built-in RAID or connect it to a SAN.

Or you buy (or build - with Linux and LVM and redundant PC style hardware - if you're feeling adventurous and cheap) an NFS device that has enough redundancy itself (at least RAID, preferably RAID 6), maybe with a SAN-backend, dual power supply and the works. Then add a cluster of (at least 2, 3 is better) identical machines that share the same configuration, and that mount the NFS device for storage. Add another cluster for IMAP or POP servers if you like (or simply add the IMAP/POP servers to the sendmail cluster if you don't have a high load).

That way, when a piece of hardware fails, the users don't notice anything (maybe some connection timeouts unless you also add some form of dynamic load balancing. DNS load balancing is good enough for a few incoming mail servers). And you don't need to rush to get the faulty hardware replaced.

Make sure you add redundant cross-connected routers, and most important: a redundant internet connection, or host the setup at a bigger colocate farm. If you do all that, you're really making a difference, reliability-wise.

Now go calculate the required hardware and present your boss with a cost estimate, and preferably also estimate which components are most likely to fail (usually disks and internet connectivity), and as a result which cost savings would have the least impact on reliability.

You'll find out that just adding a backup MX adds practically zero to your reliability :)

-- 
Jan-Pieter Cornet <[EMAIL PROTECTED]>
!! Disc lamer: The addressee of this email is not the intended recipient. !!
!! This is only a test of the echelon and data retention systems. Please  !!
!! archive this message indefinitely to allow verification of the logs.   !!
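
The "tempfail when primary is down" scenario from the message above, as a small simulation added here (not code from the original post or from MIMEDefang). The host names, outage window and sender retry offsets are constructed assumptions; the secondary is modelled as tempfailing whenever it cannot reach the primary, as described in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MX:
    host: str          # constructed host names
    preference: int    # lower value is tried first
    role: str          # "primary" or "secondary"

def reply(mx, minute, outage):
    """SMTP result at `minute`: 250, 451, or None when the connection fails."""
    start, end = outage
    primary_down = start <= minute < end
    if mx.role == "primary":
        return None if primary_down else 250
    # Assumed secondary policy, as in the thread: it tempfails while it
    # cannot reach the primary, so it never queues mail on its own.
    return 451 if primary_down else 250

def send(mx_records, first_try, outage, retry_offsets):
    """Simulate one sender. Returns (accepted_minute, accepting_host, log)."""
    log = []
    for offset in retry_offsets:
        minute = first_try + offset
        for mx in sorted(mx_records, key=lambda m: m.preference):
            code = reply(mx, minute, outage)
            log.append((minute, mx.host, code))
            if code == 250:
                return minute, mx.host, log
    return None, None, log  # sender gave up; the message bounces

OUTAGE = (0, 100)                      # primary down for minutes 0..99 (constructed)
RETRIES = [0, 15, 30, 60, 120, 240]    # assumed sender retry offsets, in minutes
PRIMARY = MX("mx1.example.org", 10, "primary")
SECONDARY = MX("mx2.example.org", 20, "secondary")

def compare(first_try=10):
    """Delivery outcome with the primary alone and with the fallback MX added."""
    alone = send([PRIMARY], first_try, OUTAGE, RETRIES)
    both = send([PRIMARY, SECONDARY], first_try, OUTAGE, RETRIES)
    return alone, both

if __name__ == "__main__":
    alone, both = compare()
    print("primary only :", alone[:2])
    print("with fallback:", both[:2])
    for minute, host, code in both[2]:
        print(f"  t={minute:3d} {host} -> {code or 'connect failed'}")
```

In both runs the message is accepted by the primary on the sender's first retry after the outage ends; the fallback MX only adds 451 replies to the sender's log.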

