Comments on Setting Up Postfix As A Backup MX

Reading this tutorial I have to agree, that setting up a basic backup MX is indeed pretty easy. But problems are not too far away:

If you compare the configuration you are showing here with a typical modern anti-spam configuration almost everything is missing. This is what spammers like to see and that is the reason they like to send mail to lower priority MX servers, as they are more often than not not so well configured.

In my case using the herein described backup config in conjunction with my current primary MX setup this would lead to the following worst-case scenario:

My main MX server goes down. While our current mail server rejects well over 90% of the incoming mails (up to 50.000 per day over the last days) the backup MX would not. If the backup does not break under the heavy load our primary MX will, once it gets back online and the backup send it thousands of thousands of mails and none of them will get rejected and each and every mail will be virus and spam scanned.

It wouldn't take long until your primary mail server will shut down due to heavy load.

So, if you indeed intend to set up a backup mx, make sure it runs the same config in terms of spam rejection as your primary server. Otherwise you will notice an almost instant rise in spam mails that come through (relayed by your backup MX).

The Spammer Trick with the lower prio MX is a thing that should be hard to work around, especially when ure recieving Mail for several Domains.
Armoring the Backup MX the same way like the Primary would mean syncing Spamfilter Data. In my case (ASSP) sure possible but a thing that should be installed for every aditional domain.
File Access / Cronjobs would be needed on the Primary System, there should be FTP/SSH etc for File Transfer in Backup System

Mine "simple dirty fix idea" would be now to let the backup only recieve in case the primary mail exchanger is down.
A little php/perl script [e.g. fsockopen()] could do this monitoring, writing postix conf /restarting for the case the primary dont respond as it should.

The advantage would be that the relay stays up.
So spammers would get a responding tcp 25 presented on the Backup MX Record, maybe theres a possibility to delay them (lame them in fact...)

Im running some M$ Exchange servers , they are mostly in Client Workplaces on  thin dynamic-addressed DSL lines. This Environments are screaming for a BackupMX, so it would be a rly nice to have...

however, im not registered here.
if someone got the tune to make such running, contact my bnc quakenet (plz / #dswp)

This HOWTO misses out key elements.

 Postfix offers recipient address validation, where it will make a call-out to the primary server to check if an address exists. It will cache information about these addresses, so that it will be able to sensibly queue only emails to addresses that exist when the primary is down. Although you might want to ensure that it receives some email in normal operation to prime the cache (such as being listed as the first server to try for the domain).

See Postfix docs

The first question anyone should ask is do I need a backup MX? In the example described above there is nothing to cause the backup to flush its queue when the primary becomes available. So it may be that when the primary comes back email on this server will take longer to deliver than if no backup MX server had existed. Especially if there is no address validation being performed.

I agree about the spam issue in the first comment, the backup MX needs at least as good, or better spam filtering.

Running a backup mx is not as easy as it seems.  There is a lot of variables that go into making sure you aren't getting junk mail, making sure the messages get back to the primary ok, etc..  For that reason I simply use backup mx through http://www.mxsave.com/.

Can anybody write a good description?It doesn't work and really old.Thanks!

  I have configured a backup mail server postfix for mass mailing.

  we are experiencing a problem while sending the E-Mail from Backup MX mail server its delivering as Spam, but when we are sending from main mail server its delivering as normal(not as Spam) can any one please suggest me what steps to be taken or it will be fixed by changing my IP ?

Thanking in advance

 Shiva

You have to set SPF record of your domain from which you send mails. If you do some form of DKIM or Domain Key, than you have to copy signing key to your backup MX.

Check your backup MX IP in sites like http://mxtoolbox.com for blacklists and check mails from MX on http://dkimvalidator.com for more information what is wrong, and why your mail is labeled as SPAM.

Thank you for the sumarrized tutorial. 

I did configured my backup mx server with postfix following the steps.

When I turn off my primary postfix, secondary is receiving the mails. So far so good.

However,  turning the primary back on doesn't get mails back from the secondary. They just stay in the secondary without sending the mails back to primary. 

Any ideas ?

Thanks,

Lyubo

Can you please share how you have set your "virtual_transport" parameter in main.cf 

Thanks,

Lyubo

I finally got it working by setting "virtual_transport = smtp:example:"

Now, when I turn the primary postfix off, the mails stays in the mailq of the secondary:

 C32DA8C0076: to=<[email protected]>, relay=none, delay=76, delays=76/0.02/0/0, dsn=4.4.1, status=deferred (connect to mail.example.com[1.2.3.4]:25: Connection refused)

When I turn the primary on, it receives the mails back from the secondary:

postfix/smtp[17966]: C83EB8C0067: to=<[email protected]>, relay=example.com[1.2.3.4]:25, delay=211, delays=208/0/0.43/2.5, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 74EB2E0B35)

Thanks again!

Lyubo

I can not find anything about secure communication protocols for a mail backup server. Does it receive and send messages in plain text?

I see the virtual_transport comment, is this howto up to date? Best practice to rejecting Spamers?

Making sure if main server goes offline that incoming mail will be collected till main server is back online and then it will be delivered. Are DKIM and SPF needed in this case when den backup MX is not going to be sending email?

Can't emphesis this part enough..."It's important that the primary MX has a lower number (10) and therefore a higher priority than the backup MX (20)."Postfix on the backup mail host will give a 'loops back to myself' bounce if it is supposed to be a backup MX (relaying_domains) and it has the same weight as the primary MX.  Just came across this and was thinking it was a config issue when it was a DNS issue.