backup mx documentation for
Question asked by Robbie Wright - 9/11/2014 at 10:19 AM
Unanswered
Setting up a backup mx in another DC and had quick question. We've got SM installed, incoming gateway config'd for our main install and user verification is set to web service. SM gateway is checked with valid user creds. In the thread that describes the setup, the (current) last comment on there from Brian says that the backup mx checks with the main mail server periodically.
 
http://portal.smartertools.com/kb/a2668/configure-smartermail-as-a-backup-mx-server.aspx
 
We've had it all setup for a few hours now but in our testing we keep getting bounces from the backup mx server that says the user doesn't exist, even though it is on the main mail server.
 
So does anyone know the actual time frame that the backup mx servers sync with the main mail server for domain/users lists?

7 Replies

Reply to Thread
0
Steve Reid Replied
I'm pretty sure that it should work right out of the box. I always test the exact details I'm entering by using a web browser from the backup to ensure it can connect to the main server...
0
Scarab Replied
There is a difference between Backup MX and Domain Forward in your Incoming Gateway settings in Smartermail. Backup MX will accept all email, regardless of who it is addressed to, and attempt to deliver when the designated IP is available again, whereas Domain Forward (when Smartermail Gateway Mode is enabled) will validate each user before accepting the email. 
 
As such, a Backup MX will generate a considerable amount of non-deliverable responses as it is blindly accepting email that it will try to deliver to the designated IP that may not be ultimately accepted by your primary Smartermail server (due to SMTP Blocking, Incoming Spam Weight Threshold, etc., along with the usual 500 errors such as "550 - No Such User Here").

Important Note: Be sure to add your Backup MX IP to your SECURITY > ANTISPAM ADMINISTRATION > BYPASS GATEWAYS. That may resolve your problem, especially if the Backup MX triggered your primary Smartermail's IDS.
0
Robbie Wright Replied
Steve, Scarab, thanks for the replies. Still having issues with getting this to work right, just like this guy did. We have the incoming gateway config'd on the backup server to use the web service for user verification from the main server. DNS resolution is working fine from the backup server and I can telnet to port 25 on the main server from the backup server. We have no domains config'd on the backup server running 12.3. The guy in the link had a problem with the MX records not matching the IP he setup in his incoming gateway, but that is not that case in our setup. Still scratch my head....
0
Steve Reid Replied
I have always used the backup mx option with web services enabled for user validation. This method also only accepts email for actual users on your primary. I would really like to know the actual difference between the backup mx option and domain forward.

Also I did not have my backup's ip in the bypass gateway section, I've added it now and I'm hoping it might resolve some issue I've been having.
0
Robbie Wright Replied
Still having issues today with getting it to work. The backup mx appears to think it is that primary server for any domain we test, even when there are no domains setup on it. I can browse to the user management wsdl from the backup mx server without issue so it seems to me that even though the backup mx has no domains and has an internal gateway setup, it still isn't functioning quite right. Unless I'm missing something easy. 
 
Also, I'm not sure about whitelisting. 1, it isn't a problem yet because our primary server isn't even receiving any mail from our backup mx. 2, any joe blow can find the IP's of your MX servers, spoof your IP, and then get past all of our spam mechanisms...
0
Colin M Replied
Adding a Backup MX as a Bypass Gateway is a very poor solution if the Backup MX doesn't do it's own spam filtering..
0
Steve Reid Replied
Yes I have since removed them from the bypass gateways, as I have spam checks enabled on my backups.

Reply to Thread