Backup mail server?

Tue May 17 14:02:50 UTC 2005

Scot L. Harris wrote:
> On Tue, 2005-05-17 at 07:50, Ted Beaton wrote:
> 
> 
>>How about this?  Have 2 mail servers.  The backup kept in sync w/ the 
>>primary using rsync or something along that line.  Only the primary is 
>>in the dns.  Have a script on your dns ping the primary mail server and 
>>if it gets a response do nothing.  If it doesn't get a response the 
>>script then edits the db files on the dns server, changes the serial 
>>number in the files and restarts named.  The backup is now the primary. 
>>  Or to be a little more sophisticated you could have the script query 
>>the primary mail server with an expect script using esmtp.  This makes 
>>sure that esmtp is responding not just that the primary mail server is 
>>still on the network.  You need to be running your own dns and mail 
>>servers to do this.  I haven't had the time to do this myself but I know 
>>that my boss would go ballistic if he didn't have email for more than a 
>>couple hours.  Of course he doesn't want to pay for HA.  It was all I 
>>could do to get a Dell 1750 with raid 5 and dual power supplies to build 
>>my mail server on.  Email is his lifeline and he considers it critical.
> 
> 
> What do you have the time to live set to in DNS for your MX records? 
> Modifying DNS can cause significant delays until the new information is
> propagated across the Internet.  This is some what controlled by the
> time to live value set in your DNS.  
> 
> If you have two mail servers that you maintain set them up with equal MX
> records and email will flow though both of them.  If one goes down there
> will be a slight delay as the sender retries.  The delay will be
> controlled by the sender.  If you modify the DNS files as suggested the
> sender may not read the new MX info for some time depending on the TTL
> of the MX and how long their system caches the info.
> 
> Of course if email is really that important I assume you have your email
> servers at different locations with different ISPs.  
> 
> If he is not willing to pay for HA then it must not really be critical. 
You can even avoid the whole dns thing.  If the primary server is down 
(as in off the network), a couple things could happen.  First ifconfig 
the backup to the ip of the primary.  Then the change is invisible to 
both local users and the world.  Except for the MAC it is now the same 
machine.  Then send me an email telling me to go fix it so it doesn't 
come back up and cause an ip conflict.  If the machine isn't off the 
network but the processes are hosed just "init 0" it and then send me an 
email.  Depending on how you set up rsync the machine could have all the 
latest blacklists, access lists, av definitions, etc from that.  Or it 
could do it's own updates while it is waiting to assume the primary 
role.  As for needing the server at a different site, that would only be 
needed if your primary concern was people getting mail to it (which in 
the original post that was true).  In my case the guy I work for wants 
full functionality.  But if our internet connection is down he has no 
connectivity anyway.  He still couldn't get to his mail unless he went 
home.  As for the last statement "must not really be critical", I'm 
surprised that I'm the only person who works for someone who doesn't let 
logic dissuade him from what he wants.  He wants the redundancy of NASA 
for free. ;-)  Of course I haven't done this yet, even though this is 
"critical" to him, everything else is too and I'm doing "all the other 
stuff".  But I have done things like this in the past.

All information contained in this email is confidential and may be used by the intended recipient only.