Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Tips/Tricks/Mods

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 1st October 2006, 23:19
zitch zitch is offline
Junior Member
 
Join Date: Sep 2006
Location: Lafayette, LA, USA
Posts: 6
Thanks: 0
Thanked 1 Time in 1 Post
Default Setting up a backup mail server setup with two installations of ISPConfig

Please note: This is a work in progress. I do hope that this will eventually expand into a full-blown how-to, but I will probably need some assistance with it. I will also putting notes down here as I work on a complete backup-mail server solution using ISPConfig. Feel free to make comments and questions as I work on it. Thanks.

The situation
I've been working on setting up a backup main server for my domains for some amount of time. There are several guides out there that show you how to set one up with postfix, but they have one problem: All of the ones I've read will setup a relay server that will simply attempt to forward any mail to the entire domain to the primary server. What then happens in this case is the primary server will reject any email addresses not in its local users table, and the backup mail server will be forced to bounce the message back to the from email address. This can cause a potential problem, though; some unscrupulous person can use the backup server in a "backscatter" attack, where he will send many emails to the backup server to non-existent users that are in its domain and cause the backup email server to bounce messages back tto the forged "from:" addresses, annoying end victims and painting your backup server as a culprit in this "spam" and possibly blacklisted for being in accordance with the RFCs!

The Solution
One possibly solution is to simply go sod with the RFCs and prevent the backup mail server from bouncing emails, but this is a bit of a hack, does not comply with the RFC standard, and is inconsiderate to legitamite users that may have mistyped an email and should know that the message was not successfully delivered.

The better way is to maintain a list of relayable recipent addresses on the backup mail server that will be syncronized with the primary mail backup server's, virtual users list.

The How-To This applies to the current version of ISPConfig (version 2.2.6). This section is incomplete, but I will include an example to help with fleshing out this idea
An example setup
Let's say we have two servers with ISPConfig setup on both running with postfix as the MTA. Let's call them server1.maindomain.tld and server2.maindomain.tld. Let's say we have a domain hosted on server1,:called www.hosteddomain.tld, with server users with the addresses user1@hosteddomain.tld and user2@hosteddomain.tld.

We want to setup server2.maindomain.tld as a backup mail server for hosteddomain.tld, so our DNS records will have the following information for this domain:

Priority: 10, Host: @, Goes to: server1.maindomain.tld
Priority: 20, Host: @, Goes to: server2.maindomain.tld

On server2.maindomain.tld, we need to modify /etc/postfix/main.cf by adding the following two lines:
Code:
relay_domains = hash:/etc/postfix/relay_domains
relay_recipient_maps = hash:/etc/postfix/relay_recipients
Then create /etc/postfix/relay_domains with the following text:
Code:
hosteddomain.tld     relay
Then run the following commands:
Code:
postmap /etc/postfix/relay_domains
Next, create /etc/postfix/relay_recipients with the following text:
Code:
user1@hosteddomain.tld   relay
user2@hosteddomain.tld   relay
Then run:
Code:
postmap /etc/postfix/relay_recipients
The "relay" column can actually be anything, like "x" or something. It's just that postmap requires there be two actual columns (it seems).

server2.maindomain.tld should now be acting as a backup mail server for the hosteddomain.tld domain (according to most such guides on the net and my own testing). Now, whenever a new user is added in the primary server, a new entry in "relay_recipents" will have to be added and postmap /etc/postfix/relay_recipients run to add the new user in the backup server's relay list.

My observations to flesh out an auto-syncronizing system between Primary mail server and the Backup mail server(s)
On the primary mail server, I've observed a file that would make this much simpler. This is /etc/postfix/virtualusertable. It seems simply copying this file to the backup mail server as /etc/postfix/relay_recipents with the domains setup in relay_domains might be sufficient to syncronize the list and make the backup server reject any invalid "to:" addresses without having to have itself bounce a message. The nice thing is virtualusertable also includes any aliases of users on the primary system.

What I plan on doing is creating a script that will do the following on the primary server:

1) Make a copy of the virtualusertable file in a location where the backup mail server can retrieve it, preferably http locked with a user and password login, everytime this file is modified or running as a cron job.

On the backup server, I'm looking into a script that will do the following in a cronjob:

1) Retrieve the file from the primary server (probably using wget). If the retrieve failed, cancel the rest of the script. If it retrieves it, save it temporarily as "retrievedvirtualusertable".
2) Detect any changes.
3) Parse through retrievedvirtualusertable and create a file called retrieveddomains, where it would only have all of the domains list only once.
4) Match retrieveddomains with the backup server's local-host-names, save anything in retrieveddomains but not in local-host-names in /etc/postfix/relay_domains.
5) Run "postmap /etc/postfix/relay_domains"
6) Match retrievedvirtualusertable with the backup server's virtualusertable, save anything in retrievedvirtualusertable but not in virtualusertable in /etc/postfix/relay_recipient.
6) Run "postmap /etc/postfix/relay_recipient".

Well, this is where I'm at so far. Hopefully, I'll have time in the next week to create these scripts to do that.

If you have any comments, feel free to reply in this thread.

Thanks.

Last edited by zitch; 28th December 2006 at 17:26.
Reply With Quote
The Following User Says Thank You to zitch For This Useful Post:
AbannyvabVask (17th December 2013)
Sponsored Links
 

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Statistic not working mzo Installation/Configuration 49 20th April 2011 12:19
Web server and Mail server on 2 ispconfig adrenalinic Installation/Configuration 1 3rd September 2006 17:55
How to setup mail to conform to expected behaviour? mxc General 3 11th June 2006 12:59
SP-Server Setup - Ubuntu 5.10 "Breezy Badger" - Page 6 (changes) LuisC-SM HOWTO-Related Questions 0 21st April 2006 15:16
need help setting up a mail server paulley Server Operation 10 20th February 2006 16:01


All times are GMT +2. The time now is 00:08.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.