[CentOS] Re: help required

Thu Oct 16 21:51:09 UTC 2008
John Hinton <webmaster at ew3d.com>

Scott Silva wrote:
>
>> 2) I would like to also know about MX records
>>
>> I mean a DNS server having MX with same priority and MX with different priority
>>
>> I right now have a primary and secondary mail server, that is, DNS server with
>> different MX records, and it's working fine
>>
>> If I have 2 servers with same MX priority do I need to create the same
>> users on both my CentOS servers so that if one server fails the other one is
>> operational? I do presume the above is correct, or is there any other way
>>
>>     
> You usually have your backup MX just hold the mail and forward it to the
> primary when it comes back up. To have a second server become operational if
> the first fails is not just about backups, it is about HA (high availability).
> There is more info on HA on the Linux HA website
> http://www.linux-ha.org/
>   
There's a nice milter for sendmail called milter-ahead. This works great 
on a backup mailserver as it will look 'ahead' to the primary and if it 
is up, it will not accept the email. This might sound silly at first, 
but if you don't do it this way, you'll find a huge queue of spam to 
nonexistent users on the backup server which can't be returned to the 
bad addresses spammers use... or you wind up bouncing spam to those that 
did not send it... a horrid situation.

I'm not understanding your using the same MX priority settings, as there 
is not really a default server. Mail winds up split between both places 
instead of hitting the primary first. Spammers however will find your 
backup server and send directly to it, in order to try to circumvent 
rejects from the primary and create bounces out of the secondary. This 
situation is almost as bad as having an open relay. You can land 
yourself on a lot of blacklists quickly and become a part of the spam 
problem easily.

If you do wish to have two equally accessible mailservers, users will 
need to be replicated. Clustering or something like Xen could be a 
better option.

Best,
John Hinton
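
The look-ahead behaviour described in the message above, compared with a backup MX that accepts everything, as an added example that is not part of the original post and is not milter-ahead's code. The mailbox list, the traffic sample and all function names are constructed, and relaying the primary's 550 for an unknown user is an assumption that goes beyond what the message states.

```python
# Added illustration: constructed data, hypothetical names, no network access.
VALID_USERS = {"alice@example.org", "bob@example.org"}  # mailboxes on the primary

def primary_rcpt_check(rcpt, primary_up):
    """Stand-in for an SMTP probe of the primary: reply code, or None if unreachable."""
    if not primary_up:
        return None
    return 250 if rcpt in VALID_USERS else 550

def naive_backup(rcpt, primary_up):
    """Backup MX with no user list: accepts every recipient and queues it."""
    return 250

def lookahead_backup(rcpt, primary_up):
    """Decide at RCPT TO time by looking ahead to the primary."""
    code = primary_rcpt_check(rcpt, primary_up)
    if code is None:
        return 250   # primary down: hold the mail, the backup's real job
    if code >= 500:
        return 550   # assumption: pass the primary's rejection back in-session
    return 451       # primary is up: do not accept, sender retries the primary

def backscatter(policy, attempts):
    """Count accepted messages the primary will later refuse (future bounces)."""
    return sum(1 for rcpt, up in attempts
               if policy(rcpt, up) == 250 and rcpt not in VALID_USERS)

# Constructed traffic sent straight to the backup: (recipient, primary_up)
ATTEMPTS = [
    ("alice@example.org", True),     # legitimate, primary is up
    ("sales1@example.org", True),    # guessed address, primary is up
    ("info99@example.org", True),    # guessed address, primary is up
    ("bob@example.org", False),      # legitimate mail during an outage
    ("xyz@example.org", False),      # guessed address during an outage
]

if __name__ == "__main__":
    for name, policy in (("naive", naive_backup), ("look-ahead", lookahead_backup)):
        codes = [policy(r, up) for r, up in ATTEMPTS]
        print(name, codes, "future bounces:", backscatter(policy, ATTEMPTS))
```

The one message the look-ahead policy still queues for a nonexistent user arrives while the primary is down, which is the case where only a replicated user list on the backup would help.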