RE: [IMail Forum] Off Topic - Dual Connections
>...The second will never be looked at as long as DNS can find the first... In a perfect world - Yes. Unfortunately, spammers love secondary's as much (if not more) than the primary. ;-) ~Patrick -Original Message- From: imail_forum-ow...@list.ipswitch.com [mailto:imail_forum-ow...@list.ipswitch.com] On Behalf Of Jim Pearce Sent: Sunday, January 25, 2009 3:31 PM To: Imail_Forum@list.ipswitch.com Subject: Re: [IMail Forum] Off Topic - Dual Connections That is correct, make the secondary something like 10 and the primary something like 5. The second will never be looked at as long as DNS can find the first... To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
Re: [IMail Forum] Off Topic - Dual Connections
That is correct, make the secondary something like 10 and the primary something like 5. The second will never be looked at as long as DNS can find the first... - Original Message - From: "Sanford Whiteman" To: "Kevin Rogers" Sent: Sunday, January 25, 2009 1:54 PM Subject: Re: [IMail Forum] Off Topic - Dual Connections my MX record and then in my A record add "backup.mydomain.com" to point to the RCN static IP? I would set that up with a higher priority number so it only gets accessed when my primary MX record (which points to my Covad IP) is down. Would that work? For inbound, yes, since MX failover is built in to the MX algorithm). The bigger problem is outbound mail. Even if you manage to get working dead gateway detection so that outbound packets go out your RCN link if Covad is down (many cheapish routers can make sure this part works), you have to make sure that the mailserver's public IP on the RCN link has a PTR record matching its HELO -- and that PTR can't be in a known subscriber range or have be a suspicious subscriber-like hostname (1-2-3-4-cable-consumer.rcn.net). If you can get the PTR-EHLO-A "roundtrip" working on your backup link so you can have reliable outbound delivery in a failover state, then you should be okay. As Darin said, this does not account for any attempt to balance inbound HTTP over the 2 links; if you can automate DNS updates (by running your own DNS, or at least your own stealth primary DNS) this can, albeit roughly, be accomplished. And I don't disagree with the recommendation of just moving anything this sensitive to a datacenter! :) But there are indeed ways of getting it done at home in a rough sense for a few $ (dual-WAN router, Draytek for example). Just a matter of how much energy you want to spend, and what kind of guarantees you can make to your clients. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
Re: [IMail Forum] Off Topic - Dual Connections
> my MX record and then in my A record add "backup.mydomain.com" to point > to the RCN static IP? I would set that up with a higher priority number > so it only gets accessed when my primary MX record (which points to my > Covad IP) is down. Would that work? For inbound, yes, since MX failover is built in to the MX algorithm). The bigger problem is outbound mail. Even if you manage to get working dead gateway detection so that outbound packets go out your RCN link if Covad is down (many cheapish routers can make sure this part works), you have to make sure that the mailserver's public IP on the RCN link has a PTR record matching its HELO -- and that PTR can't be in a known subscriber range or have be a suspicious subscriber-like hostname (1-2-3-4-cable-consumer.rcn.net). If you can get the PTR-EHLO-A "roundtrip" working on your backup link so you can have reliable outbound delivery in a failover state, then you should be okay. As Darin said, this does not account for any attempt to balance inbound HTTP over the 2 links; if you can automate DNS updates (by running your own DNS, or at least your own stealth primary DNS) this can, albeit roughly, be accomplished. And I don't disagree with the recommendation of just moving anything this sensitive to a datacenter! :) But there are indeed ways of getting it done at home in a rough sense for a few $ (dual-WAN router, Draytek for example). Just a matter of how much energy you want to spend, and what kind of guarantees you can make to your clients. --Sandy Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: sa...@cypressintegrated.com SpamAssassin plugs into Declude! http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/ Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/ http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/ To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
RE: [IMail Forum] Off Topic - Dual Connections
Darin wrote: "All in all, I'd advise putting the server in a hosting facility for more reliable power, connectivity and security." Kevin, we battled with something similar for close to a year (I probably have some posts in the archive!) We finally bit the bullet and moved the mail and web server to a collocation center, and the only complaint that I (and my boss who writes the checks) have is that I didn't do it sooner. Todd To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html
Re: [IMail Forum] Off Topic - Dual Connections
Hi Kevin, For mail this is an easier problem to fix. Just set up two MX records in DNS, e.g. mx1.example.com and mx2.example.com, and have each pointing to a static IP from each provider. Then if one is offline, mail servers should deliver to the other. For web this is more difficult, and involves either load balancing that occurs outside of your address space from each provider, or detection of downed lines with a process to update DNS records to change the IP. The latter is subject to TTL on the DNS records, though, which makes it less desirable. All in all, I'd advise putting the server in a hosting facility for more reliable power, connectivity and security. Darin. - Original Message - From: "Kevin Rogers" To: Sent: Sunday, January 25, 2009 4:31 AM Subject: [IMail Forum] Off Topic - Dual Connections I am using Covad Wireless for my sole access provider for my server. Lately, there have been problems connecting (radio interference between my satellite and the receiver) and they have stated that it's their fault. I've been thinking about an easy way to add another connection to my router for those very few times that my Covad connection drops. My server is in my home and so I'm trying to connect my home network (RCN - a cable provider in the Bay Area) to the server's router. My RCN (home) account has 5 static IPs. But setting up the DNS records is a bit confusing. I can't use the RCN static IP address in my MX record obviously, but I don't have a domain like "mail.rcn.com" from RCN - just the 5 static IPs. Is it possible to use some random domain like "backup.mydomain.com" in my MX record and then in my A record add "backup.mydomain.com" to point to the RCN static IP? I would set that up with a higher priority number so it only gets accessed when my primary MX record (which points to my Covad IP) is down. Would that work? Also, I have an A record that points to my Covad IP for http requests (I host both my webserver and my mail server on the same box). Since A records don't have priority levels, if I add another A record pointing to my RCN IP address, will http requests coming into my domain automatically try the first IP address listed in the record list (in this case Covad), or will it be random? I would like www.mydomain.com http requests to go through my Covad account if it's live, but my RCN account if it's not. Thanks Kevin To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html To Unsubscribe: http://imailserver.com/support/discussion_list/ List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://imailserver.com/support/kb.html