SM Backup MX or Failover?
Question asked by CCWH - 4/11/2015 at 1:45 AM
Hello all,
Now we are getting into more multiple SM servers I want to start looking at more than just file/data backup resiliency.  The hardware is power/network resilient so it's time to look at SmarterMail MX....
We currently do not have any Backup MX or Failover configured for any mail server.  I have read Pros and Cons for both having Backup MX, Failover and just file backup.
I understand that RFC compliant mail servers should retry sending mail and therefore the need for a Backup MX could be overkill, however we all know that there's lots of non-compliant mail servers out there.
My questions are...what do you have in your environment?  Do you use or have used Backup MX/Failover using SmarterMail?  If so, what are your thoughts?  Also, any good implementation guides would be useful too!

4 Replies

Reply to Thread
Merle Wait Replied
Thats  a lot of questions to answer.... 
So I will try to answer from our perspective...
a.) Our "Failover" machine is physically in another location. 
     If the "main" box, can't be contacted within 5 minutes, the Failover machine kicks off.
     (how we move data between the two, is a different discussion.)
    ** We did check with SM, that as long as we have an Enterprise license AND one 
        machine will not be running, when the other is up, we are compliant with license.
b.) Told you # a.) first, because to support our process, we have two 
     "gate MX servers" that handle incoming mail.  We are, or will be, once we get a
      bug ironed out with SM, be using SM exclusively for this purpose.
c.) We have own process to dynamically control DNS to coincide with #a.) switches....
Our position is this:  Our email HAS to be available... not having a redundant 
process is not an option for us.   
In reflection... we actually practice BCP (business continuation procedures) .. 3 times a year.
I know we are anal... but we learn something new everytime.  Being in the mid-west our concern is more suffering from a natural disaster, where a specific site could be down for many hours, if not days.
To me, it really depends on your business requirements.  The cost for hardware and software is not monumental .. in comparison to effects of being unavailable ( in our estimation).
CCWH Replied
Thanks Merle. We are looking at all options at the moment.
Bruce Barnes Replied
Here's another, potential, option:
We have a client who has successfully implemented volume shadow copy, on a regular basis.
The VSC is then ftpd to two other servers, one in St Louis, and one in California.
A routine monitors the SmarterMail server from outside the network, and, if it cannot be reached for more than 2 minutes, re-routes the mail services to one of the other services by re-writing the DNS entries to point to the box that has been made live.
The scripts are all proprietary, and I don't have them available to post - would also need permission to do so, but I can ask and see if they will share them.
Bruce Barnes
ChicagoNetTech Inc

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
Robbie Wright Replied
HA for SM is unfortunately not the easiest thing out of the box. We have a backup MX server (another SM install) that is the secondary MX for all of our hosted domains. It is in a different data center that our primary MX server. This way, anything can happen to the primary MX server (hardware failure, IaaS provider outage, network issue, etc, etc) and our own MX server will catch all of the incoming email. Having the backup MX gets the email into our infrastructure as quickly as possible and you will not be waiting on potentially non-compliant servers to resend your customers mail to them as some predetermined window that you do not know.
I would like to see better support for HA setups for SM and have multiple installs accessing the same domain folder structure. Like Bruce mentioned, his client has to FTP its files to the other DC and have a DNS script that moves records. In a perfect world, you'd have two mailbox servers public facing (or more) all access shared storage for emails. You can easily load balance servers with DNS or a load balancer but SM can't handle two servers hitting the same data store. You also have a ton of different options for file replication (aside from FTP) with Amazon, Azure, or nearly any of the SAN providers like EMC. This would be separate from your (hopefully) redundant edge gateways that are doing your edge security/spam.

Reply to Thread