Postfix Backup MX- FreeBSD

Share on:

ABackup Postfix MX ensures that you won’t lose any emails that are received if your primary mail server experiences downtime. If your mail server becomes unavailable, the Backup Postfix MX server will accept and hold your emails. Once your primary mail server becomes available again, the Backup Postfix MX will push the mail queue to the primary mail server.

I will cover setting the DNS records in relation with the Backup MX Sever. Also configuration of Postfix as a Backup MX and finally resending any mail that has been held on the backup MX to the primary Postfix server.

Backup Postfix MX DNS Configuration

In your DNS zone, two MX records should be added. One for the primary server and one for the secondary. It is important that the MX preference value for the primary is lower than the value for the secondary. If a lower MX preference value is given to the backup server, all email will go through the backup server.

Host Record Type Preference
mx-10.pbdigital.org MX 10
mx-20.pbdigital.org MX 20

Making Sure We Are Not a Relay Already

By default Postfix shold not be configured as a Relay but it is worth checking to see what is going on. First we can see if relaying is still indeed disabled and second we can get to know our Postfix system a little better.

Following we can determine the defaut settings in regards to relaying with Postfix.

The mynetworks & mynetworks_style directives will tell us what we need to know.

1# postconf | grep ^mynetworks
2mynetworks = 45.76.10.155/32 127.0.0.1/32
3mynetworks_style = host

mynetworks is the list of "trusted" remote SMTP clients that have more privileges than "strangers". In particular, "trusted" SMTP clients are allowed to relay mail through Postfix. Now you maybe a little concerned and rightly so that other machines on the network can use this as a Mail Relay. But fear not, the associated mynetworks_style directive limits mynetworks to only the local machine, as a value of "host" has been set.

This is a good start, it means Relaying is denied for all execpt the local machine.

You can also check the following so that you can see no other domains have been added to relay mail to.

1pmb@ewr-01:~ % postconf | grep ^relay_domains
2relay_domains = 

Adding Domains that we wish to Relay Mail for

Now that we have determined that we are not acting as a relay, we want to now configure this so we will relay mail for the domains that we control.

Allowing Relaying to domains that we conrtol, is as simple as appending the following to main.cf and restarting Postfix:

1# --------------------------------
2# BACKUP MX RELAY CONFIGURATION
3# --------------------------------
4#
5relay_domains = example-1.net
6                example-2.net
7                example-3.net
1# service postfix restart

NOTE: You will also need DNS records set for a MX Relay Server in order for relaying to work.

Testing

This can be tested by shutting down the Primary Mail Server, tailing /var/log/maillog on the MX Relay Server and watch it handle the incoming mail and then eventually realying to the Primary Mail Server when it comes back online.

What's next?

That was short and sweet, but effective. In my next post, which covers Spamassasin, I will be fine tuning a lot of directives that will be of interest, even if you will not be using Spamassassin.

Until next time,