Backup MX #591
Comments
|
I believe you want something like #177 |
|
Also, I agree about providing an alternate compose file for running a backup MX. My initial idea on the matter was providing a separate Postfix image with a special configuration and startup script, that given an api token would lookup the list of domains from the primary MX and serve these automatically. This will become really easy to setup once we have a proper api. Until then, maybe we can have an IP based authentication and an env variable for authorizing backup MX. |
kaiyou
added
feature
priority/p1
|
Why want a backup MX? You'll expose yourself to high levels of spam. Some (or most?) spammers tend to skip the primary MX record and go straight for the secondary. Secondly, if it does happen your single MX is down, mails are just hold in a queue at the sender's side until available again. I've read this article in the past, and I do feel they are right. On the modern internet there are more elegant solutions available for failover /HA. (Swarm, kubernetes, rancher). See also #177. |
|
Hi There, The To help with that, we are currently trying to find out which issues are actively keeping users from using In order for us to better assess this, it would be helpful if you could put a reaction on this post (use the 😃 icon to the top-right).
|
|
For future notice: perhaps backup MX servers could work partly with #1044, providing dovecot replication. That way each local MX server has a list of accounts and can accurately bounce mail, receive mail to it's local DB, and replicate (assuming the other side is up, or replicate once it does come up). Perhaps an alternative docker compose config without the admin/webmail containers could be helpful for this. A bit of stream of consciousness here, but perhaps these two issues could work together. |
|
Originally a backup MX was basically a big mail queue without the ability to directly deliver emails to mailboxes and I don't think this behavior makes much sense anymore, because as @muhlemmer already pointed out there are more modern and more general approaches for ensuring a highly available message submission without the downsides of a spammers attracting 'classic' backup MX. A replicated dovecot setup also imo doesn't really help with email submission, because afaik postfix should already defer emails when dovecot is not reachable via LMTP. Also dovecot is not necessary to e.g. bounce emails for invalid recipients, as these should already be handled by front/nginx before even hitting postfix or dovecot itself. I think the proper way to solve this (having multiple MX in case one isn't reachable) is to use a HA database setup (there are solutions for postgres and mariadb to achieve this) and have multiple instances of front/nginx, smtp/postfix and admin, but I'm not sure if anyone ever tested running multiple instances of admin. That way there would be no difference in scaling your setup for better load distribution or for better reliability. |
|
Old subject but still a problem when you have to shutdown you mx server like I have to do right now for hardware maintenance. Anyone tried to setup a bakup mx with a slave db and friends around to keep mail filterting operates as well as on the master mx? |
|
In my experience it is not really a problem when your server is down for a period < 24hrs without a backup MX (maybe even up to 4 days, but I didn't try). You may lose some cron and other automatic emails on some devices without a queue (iot devices for example), because submission will also be offline when you do the maintenance. |
Is there an official Mailu way of running a backup MX? If not, would you accept an alternate docker-compose file and configuration options to run a similar easily-configured backup MX?
The text was updated successfully, but these errors were encountered: