Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: redondancy low cost. I hope I'm right ?

  1. #1
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default redondancy low cost. I hope I'm right ?

    I'm wondering after a lot of testing if the way I see it is right. I am trying to set up a two servers configuration :
    - the first one on site, with all the components, a full Zimbra server, with low MX preference
    - the second on a remote site, set with only the smtp (MTA componnenet) to relay my mail to the first one, MX preference High - a backup MX (as it seems to be)

    So, theoricaly, since the second is on a T1, he's gonna get all the mail and forward it to my primary, and hold it in case of my first server get down ...

    If I'm right, I wonder how to set up the second server ... I'm I better to set a Postfix alone or a Zimbra MTA ...

    Also, I'm reading a lot of comments about "How a backup MX is BAD" but with no good argumentation. Someone has an experience with that ?

    Thanks to all,
    Fred
    Last edited by drez; 02-06-2007 at 10:47 AM.

  2. #2
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Almost resolv :

    For those who wonder, like I was, it seems that there is no restriction in using a Backup MX. Some admin talk about the reason to get it or not because of the thin possibility of needing it vs the better possibility to have it miss-configure.

    When the thin possibility in which case you would need a backup MX is :
    Your primary MX is down and
    - the sender MTA got retry timeout
    - ... is there any other

    and when the miss-configure effect would be :
    - spammer uses your relay to relay
    - you got spam by your backup MX anti-spam/anti-virus (not tested...)

    So, anyone configure a Zimbra mail server in BAckup MX ?

  3. #3
    Join Date
    Mar 2006
    Posts
    86
    Rep Power
    9

    Default

    We are using a multi-server Zimbra setup with 2 MTAs (also have LDAP on them). Works great. The only issues are :

    1. Each MTA will learn spam differently (? Can anyone correct me on this)
    2. If our primary machine (which is also the LDAP master) is down and the secondary needs to be rebooted or for some reason can't connect to the primary, it won't start because it needs to do a LDAP sync when it starts Zimbra services (again someone feel free to correct me if I'm wrong).

    4.0.5 NE

  4. #4
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Thank you for your update.
    You say that you install 2 full zimbra package, and that you sync the ldap database between the master and the slave ...

    I don't really understand how the mailbox are handle, you mirror it ?...

    Or you configure the slave to forward everything to the master ?...

  5. #5
    Join Date
    Mar 2006
    Posts
    86
    Rep Power
    9

    Default

    Its not 2 full zimbra setups. The setup is:

    1. mailstore/master LDAP (office location 1)
    2. MTA/slave LDAP (office location 1)
    3. MTA/slave LDAP (office location 2)

    The 2 MTAs are our mailexchangers (MXs) and receive mail which they then forward to the mailstore. Similarly for outgoing, the mailstore forwards to one of the MTAs (for people using webmail or ZCO) or people using IMAP get to use one of the MTAs for outgoing SMTP (done by round-robin DNS).

    The LDAP sync is part of the normal Zimbra process if you have multiple LDAP components installed.

  6. #6
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    Do you think it can be done with
    - a whole zimbra Server (Primary - location 1), MTA, store, ldap
    - a MTA alone (Backup), no ldap which forward everything from or for the domain

    I understand this ldap addition of yours cause when I try to setup this scheme above, the backup server complained about not recognizing users. -I thought that telling him to forward the whole domain would be ok, but doesn't seems.

    My goal is to be sure we lost no mail and that my primary location use as less bandwidth as possible.

  7. #7
    Join Date
    Mar 2006
    Posts
    86
    Rep Power
    9

    Default

    Sure. You could do what you are suggesting. The issues would be:

    1. Your standalone backup MX would not know legitimate users automatically. So you might have to do a manual perodic action where you update legit users on the backup MX. This ensures that it can block messages to fake users

    2. You would have to setup AV/AS on backup MX so that it doesn't get used by spammers. The problem is that it won't learn as well since it's not getting spam/ham info from Zimbra.

    Having said that, there are still reasons to go with a standalone backup MX.

  8. #8
    Join Date
    Jan 2007
    Location
    Quebec
    Posts
    16
    Rep Power
    8

    Default

    First, thanks a lot for your time ! I appreciate so much.

    Since the backup MX would only be use in the case of the primary going down, I don't see why I would include AV/AS on it. And for the same reason, I don't see why the backup MX would have to know the users. His only job would consist in :
    - keeping incomming mail in case of teh primary is down
    - forward everything to the primary when he is back up

    Do you see a problem with this config ?

  9. #9
    Join Date
    Mar 2006
    Posts
    86
    Rep Power
    9

    Default

    If you leave the backup MX on without AV/AS protection, spammers will automatically start sending emails to your backup MX rather than your primary MX

    If that happens, your primary will have to block spam emails that have been sent to the secondary MX, and your secondary MX will bog down and occupy bandwidth unnecessarily.

    Maybe someone else has an opinion about this.

  10. #10
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    vshah is correct about spammers using your backup mail server for send their rubbish to, it's a very good argument for not having a backup mail server.

    Rather than go through the hassle of setting-up and configuring a backup server (if you really want one), have you thought about using a DNS hosting provider that has a backup mail server if yours goes down? I don't know if it's practical for you to do this but I use easyDNS for my DNS hosting and they run backup mail servers and if my server goes down they hold my mail for up-to five days and when my server comes up, the mail flows to me. That provides a simple and cost effective solution without the expense or hassle of extra servers.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •