stocksy.co.uk
"the site for those who crave disappointment"

Postfix as a backup MX host

27th Nov 2005, 16:36:39

By James Stocks

Outdated!

This article is outdated. I no longer run a backup MX at all and have not done so for years. The disadvantages outweigh the benefits.

Pro:

Con:

Still want to do it? Well, here's the old article:

I've had Postfix/amavisd-new/SpamAssassin/ClamAV/Courier running smoothly on my toaster for a while, thanks to Christoph Haas. Paranoid thoughts have since crept in; what would happen if my toaster were to stop working?

Luckily, I'm the kind of guy who has an old laptop many miles away, quietly humming away under my parents' desk. (No, I don't live in my parents' basement) This would do nicely as a backup MX!

My victim in this case is a Toshiba PIII 700 with a dizzying 64MB RAM, on which I've installed Ubuntu breezy. My parents have a dynamic IP address, which seldom changes in practice. Usually, it's not practical to operate a mail server on a dynamic IP because many major ISPs like Yahoo and AOL block any mail from such IP ranges. In this case I'm not concerned: the purpose of a backup MX is to hold on to mail until the primary MX becomes available again, so it is only delivering mail to servers under my control (I will not block my own mail!).

I need to give the backup MX a hostname; I've chosen mail2.toastputer.net - I'm so creative. Fortunately, toastputer.net is hosted by dyndns.org, so I will set the laptop to update its IP address with ddclient.

# apt-get install ddclient

ddclient works with other services like Hammernode, Zoneedit and EasyDNS. It is very easy to set up.

Let's get on with it and install Postfix:

# apt-get install postfix

I chose 'no configuration', because I wanted complete control. Once Postfix is installed, cd to /etc/postfix and sudo vi main.cf

Here's my main.cf with comments to explain what's going on:

#This is the default and will do for me
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
#Notifies users of new mail using comsat. Since I have no local users or comsat, seems sensible to turn it off
biff = no
# appending .domain is the MUA's job. - disable rewriting of user@host to user@host.domain
append_dot_mydomain = no

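#Trust no-one except yourself. IP addresses in mynetworks can relay mail to any address
#Written as the network address 127.0.0.0/8, because the host bits of a network/mask pattern must be zero
mynetworks = 127.0.0.0/8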

#Listen on all ip addresses
inet_interfaces = all

#Who we will accept mail for
relay_domains = hash:/etc/postfix/relays
#Where it will be sent
transport_maps = hash:/etc/postfix/transport

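#Relay for our own networks, accept mail addressed to relay_domains, refuse everything else.
#reject_unauth_destination replaces check_relay_domains, which later Postfix releases deprecated.
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination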

Here is /etc/postfix/transport:

stocksy.co.uk smtp:mail.toastputer.net
mattsfoolsgold.co.uk smtp:mail.toastputer.net
#...etc

and /etc/postfix/relays

stocksy.co.uk OK
mattsfoolsgold.co.uk OK
#...etc

It's necessary to run # postmap /etc/postfix/transport and # postmap /etc/postfix/relays so that Postfix can read the files.

Restart Postfix:

/etc/init.d/postfix restart

Check that it actually works (from another host!):

$ telnet mail2.toastputer.net 25
Trying 82.21.124.237...
Connected to mail2.toastputer.net.
Escape character is '^]'.
Postfix: 220 mail2.toastputer.net ESMTP Postfix (Ubuntu)
You: ehlo www.stocksy.co.uk
Postfix: 250-mail2.toastputer.net
Postfix: 250-PIPELINING
Postfix: 250-SIZE 10240000
Postfix: 250-VRFY
Postfix: 250-ETRN
Postfix: 250 8BITMIME
You: mail from:<stocksy@SPAMMERSDIEstocksy.co.uk>
Postfix: 250 Ok
You: rcpt to:<stocksy@NOSPAMMERSDIEstocksy.co.uk>
Postfix: 250 Ok
You: data
Postfix: 354 End data with <CR><LF>.<CR><LF>
You: Subject: Test message to test backup MX
You: This is the message body.
You: .
Postfix: 250 Ok: queued as 47EDE57B81
You: quit
Postfix: 221 Bye
Connection closed by foreign host.

If you receive the email, good! If not, tail -f /var/log/mail.log should tell you why.

Check that you are not an open relay!

$ telnet relay-test.mail-abuse.org
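
The same check can be made directly against your own backup MX. This is an added example, not part of the original article: `relay_verdict` and the sender address are hypothetical names, and the script has to be run from a host outside mynetworks, otherwise permit_mynetworks lets everything through.

```python
import smtplib
import sys


def relay_verdict(smtp, hosted_rcpt, foreign_rcpt, sender="relaytest@example.org"):
    """Classify an already-connected SMTP session as 'ok', 'open-relay' or 'broken'.

    smtp is an smtplib.SMTP-like object. Only EHLO, MAIL FROM, RCPT TO and RSET
    are sent; DATA never is, so the server queues nothing.
    """
    smtp.ehlo("relaytest.example.org")
    codes = {}
    for label, rcpt in (("hosted", hosted_rcpt), ("foreign", foreign_rcpt)):
        code, _ = smtp.mail(sender)
        if code != 250:
            return "broken"           # server refuses even to start a transaction
        codes[label] = smtp.rcpt(rcpt)[0]
        smtp.rset()                   # abandon the transaction before the next probe
    if 200 <= codes["foreign"] < 300:
        return "open-relay"           # accepted a domain that is not in relay_domains
    if not 200 <= codes["hosted"] < 300:
        return "broken"               # refuses the mail it is supposed to hold
    return "ok"


if __name__ == "__main__":
    # usage: relaycheck.py mail2.toastputer.net you@stocksy.co.uk someone@example.net
    host, hosted, foreign = sys.argv[1:4]
    with smtplib.SMTP(host, 25, timeout=30) as session:
        verdict = relay_verdict(session, hosted, foreign)
    print(host, verdict)
    sys.exit(0 if verdict == "ok" else 1)
```

The foreign address should be in a domain you do not host; a 4xx or 5xx reply to it is the result you want.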

With this in place, I needed to update the MX records for my domain. How you do this differs from provider to provider, but you must give your primary MX a lower preference number than the backup (the lowest number is tried first), e.g.:

$ dig mx stocksy.co.uk

; <<>> DiG 9.2.2 <<>> mx stocksy.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14586
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;stocksy.co.uk. IN MX

;; ANSWER SECTION:
stocksy.co.uk. 7190 IN MX 5 mail2.toastputer.net.
stocksy.co.uk. 7190 IN MX 0 mail.toastputer.net.

;; AUTHORITY SECTION:
stocksy.co.uk. 7190 IN NS ns17.zoneedit.com.
stocksy.co.uk. 7190 IN NS ns8.zoneedit.com.

;; ADDITIONAL SECTION:
ns8.zoneedit.com. 172790 IN A 206.55.124.4
ns17.zoneedit.com. 172790 IN A 209.126.159.118

;; Query time: 3 msec
;; SERVER: 172.16.0.81#53(172.16.0.81)
;; WHEN: Sun Nov 27 18:43:02 2005
;; MSG SIZE rcvd: 169
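
The relays file, the transport file and the MX records have to agree with each other, and a mismatch only shows up when the primary is already down. The following cross-check is an added example, not part of the original article; `preflight` and its helpers are hypothetical names, and the sample data is constructed from the article's files with two deliberate mistakes.

```python
def parse_map(text):
    """Parse a Postfix map source file: 'key value' lines, '#' lines are comments."""
    rows = (l.split(None, 1) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#"))
    return {r[0].lower(): r[1].strip() for r in rows if len(r) == 2}

def parse_mx(dig_answer):
    """Map domain -> {mx host: preference} from dig ANSWER-section lines."""
    mx = {}
    for line in dig_answer.splitlines():
        f = line.split()
        if len(f) == 6 and f[2] == "IN" and f[3] == "MX":
            domain, host = f[0].rstrip(".").lower(), f[5].rstrip(".").lower()
            mx.setdefault(domain, {})[host] = int(f[4])
    return mx

def preflight(relays, transport, dig_answer, primary, backup):
    """Return a sorted list of problems; an empty list means the pieces agree."""
    relay, trans, mx = parse_map(relays), parse_map(transport), parse_mx(dig_answer)
    problems = []
    for d in relay:
        if trans.get(d) != "smtp:" + primary:
            problems.append(f"{d}: transport is {trans.get(d)!r}, expected smtp:{primary}")
        prefs = mx.get(d, {})
        if primary not in prefs or backup not in prefs:
            problems.append(f"{d}: MX records do not list both {primary} and {backup}")
        elif prefs[primary] >= prefs[backup]:
            problems.append(f"{d}: primary preference {prefs[primary]} "
                            f"is not lower than backup {prefs[backup]}")
    for d in trans.keys() - relay.keys():
        problems.append(f"{d}: in transport but missing from relays")
    return sorted(problems)

# Constructed sample: mattsfoolsgold.co.uk has its MX preferences swapped and
# example.org has a transport entry without a relays entry.
RELAYS = "stocksy.co.uk OK\nmattsfoolsgold.co.uk OK\n#...etc\n"
TRANSPORT = ("stocksy.co.uk smtp:mail.toastputer.net\n"
             "mattsfoolsgold.co.uk smtp:mail.toastputer.net\n"
             "example.org smtp:mail.toastputer.net\n")
DIG = """\
stocksy.co.uk. 7190 IN MX 5 mail2.toastputer.net.
stocksy.co.uk. 7190 IN MX 0 mail.toastputer.net.
mattsfoolsgold.co.uk. 7190 IN MX 0 mail2.toastputer.net.
mattsfoolsgold.co.uk. 7190 IN MX 5 mail.toastputer.net.
"""

if __name__ == "__main__":
    for p in preflight(RELAYS, TRANSPORT, DIG, "mail.toastputer.net", "mail2.toastputer.net"):
        print(p)
```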

Test it. Stop the MTA on your primary MX and send yourself some email from Gmail (or something). If you run $ tail -f /var/log/mail.log on your backup MX, you'll see the mail queuing up. Start your MTA again and it'll get delivered to you. Use # postqueue -f if you are impatient.
