External mailserver with backup MX

  • HOWTO external mailserver including backup-MX


    modification of DNS-templates:
    /etc/imscp/bind/parts/db_e.tpl


    Code
    $TTL 12H
    $ORIGIN {DMN_NAME}.
    @ IN SOA ns1.{DMN_NAME}. postmaster.{DMN_NAME}. (
    ; dmn [{DMN_NAME}] timestamp entry BEGIN.
        {TIMESTAMP} ; Serial
    ; dmn [{DMN_NAME}] timestamp entry END.
        8H ; Refresh
        2H ; Retry
        7D ; Expire
        1D ; Minimum TTL
    )
    ; ns DECLARATION SECTION BEGIN
        IN NS ns{NS_NUMBER}.{DMN_NAME}.
    ; ns DECLARATION SECTION END
    ;
        IN MX 10 mail.{DMN_NAME}. ;see next line
        IN MX 20 mx20.{DMN_NAME}.
    {DMN_NAME}. IN {IP_TYPE} {DMN_IP}
    www IN {IP_TYPE} {DMN_IP}
    {DMN_NAME}. IN TXT "v=spf1 a mx {TXT_DMN_IP_TYPE}:{DMN_IP} {TXT_SERVER_IP_TYPE}:{BASE_SERVER_IP} ~all"
    localhost IN A 127.0.0.1
    ;
    mail IN {IP_TYPE} {DMN_IP} ;see next line
    mx20 IN {IP_TYPE} {DMN_IP}
    ; ns A SECTION BEGIN
    ns{NS_NUMBER} IN {NS_IP_TYPE} {NS_IP}
    ; ns A SECTION END
    ; CNAME for mail transfer
    imap IN CNAME mail
    pop IN CNAME mail
    pop3 IN CNAME mail
    relay IN CNAME mail
    smtp IN CNAME mail
    ; CNAME for web transfer
    ftp IN CNAME www
    ; sub [{SUB_NAME}] entry BEGIN.
    ; sub [{SUB_NAME}] entry END.
    ; dns [{MANUAL_DNS_ID}] entry BEGIN.
    ; dns [{MANUAL_DNS_ID}] entry END.
    ; ctm domain als entries BEGIN.
    ; ctm domain als entries END.


    /etc/imscp/bind/parts/db_master_e.tpl

    Code
    $TTL 12H
    $ORIGIN {DMN_NAME}.
    @ IN SOA ns1.{DMN_NAME}. postmaster.{DMN_NAME}. (
    ; dmn [{DMN_NAME}] timestamp entry BEGIN.
        {TIMESTAMP} ; Serial
    ; dmn [{DMN_NAME}] timestamp entry END.
        8H ; Refresh
        15M ; Retry
        4W ; Expire
        3H ; Minimum TTL
    )
        IN NS ns1.{DMN_NAME}.
        IN NS ns2.{DMN_NAME}.
    ;
        IN MX 10 mail.{DMN_NAME}. ;see next line
        IN MX 20 mx20.{DMN_NAME}.
    {DMN_NAME}. IN A {DMN_IP}
    www IN A {DMN_IP}
    {DMN_NAME}. IN TXT "v=spf1 a mx ip4:{DMN_IP} ip4:{BASE_SERVER_IP} ~all"
    localhost IN A 127.0.0.1
    ;
    mail IN A {DMN_IP} ;see next line
    mx20 IN A {DMN_IP}
    ns1 IN A {BASE_SERVER_IP}
    ns2 IN A {SECONDARY_DNS_IP}
    ; CNAME for mail transfer
    imap IN CNAME mail
    pop IN CNAME mail
    pop3 IN CNAME mail
    relay IN CNAME mail
    smtp IN CNAME mail
    ; CNAME for web transfer
    ftp IN CNAME www
    ; sub [{SUB_NAME}] entry BEGIN.
    ; sub [{SUB_NAME}] entry END.
    ; ctm domain als entries BEGIN.
    ; ctm domain als entries END.


    We don't need to modify already existing domains in the bind cache; i-MSCP will update the zones automatically on the next run.


    Now we need to add two custom DNS zone records in i-MSCP (login/change to customer / manage domains) for the domain which is meant to become a backup MX with an external mailserver:


    Domain: domain.tld
    Type: A
    Class: IN
    Name: mx10.domain.tld.
    IP-address: IP of the external Mailserver


    Domain: domain.tld
    Type: MX
    Class: IN
    Priority: 10
    Target host: mx10.domain.tld.


    Please don't forget the trailing dot in the name and target host fields!


    In case the external mailserver is offline, mails will be delivered to the backup-MX. Now we will configure postfix to relay those mails to the external server and retry until it accepts delivery again.


    Edit /etc/postfix/main.cf and add the line:
    relay_domains = hash:/etc/postfix/relay_domains
    Reflect this modification also to /etc/imscp/postfix/working/main.cf


    Remove or comment out all domains with an external mailserver from /etc/postfix/imscp/domains
    Reflect that also to /etc/imscp/postfix/working/domains


    Create new file /etc/postfix/relay_domains
    Add all domains with external mailserver to this file with following syntax:
    domain1.tld OK
    domain2.tld OK
    domain3.tld OK


    Make the changes in "virtual domains map" and the new "relay domains map" known to postfix:
    postmap /etc/postfix/imscp/domains
    postmap /etc/postfix/relay_domains
    /etc/init.d/postfix restart


    Now our hosting server acts as backup-MX: it receives mails for local mailboxes and relays all mails that have no local mailbox via the MX record. To avoid spam delivery, postfix will only relay mails for domains in the relay domains map.


    Even if you manage your DNS zones on an external nameserver, the changes to the DNS templates are important, because postfix resolves the MX record locally.
    So if you manage your domains externally, there is an additional step to do. You need to add the following records in your external nameserver's zone.
    mx10. IN A <IP of external mailserver>
    mx20. IN A <IP of hostingserver>
    IN MX 10 mx10.
    IN MX 20 mx20.


    It is not very common and really not suggested to run a mailserver on dyndns, but you can still do so. In this case you don't need the A record in the DNS zone in i-MSCP.


    Add a custom DNS zone record in i-MSCP (login/change to customer / manage domains):
    Domain: domain.tld
    Type: MX
    Class: IN
    Priority: 10
    Target host: meinhost.dyndns.org.


    Here you should not forget the trailing dot also ;)


    With an external nameserver:
    mx20. IN A <IP of hostingserver>
    IN MX 10 meinhost.dyndns.org
    IN MX 20 mx20.


    With a mailserver on dyndns you can expect that the backup-MX will have to relay badly delivered mails more often ;)


    Please don't copy the DNS templates from this howto; incorporate the modifications manually, as DNS templates can differ depending on the i-MSCP version.


    I also made a simple script to add/remove domains to the postfix virtual domains map and relay domains map; use it at your own risk.
    Usage: bash ./script.sh domain.tld enable|disable



    Suggestions are welcome. Use the howto and the script at your own risk; I am not responsible for any damage.
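    A script of the kind described above, written here as an added example (it is not the script from the original post): it moves a domain between the virtual domains map and the relay domains map from this howto, rebuilds both hash maps with postmap, and copies the domains map into the i-MSCP working directory. The file paths are the ones named in the howto; the environment overrides, the WORKING_DIR copy and the RELOAD_POSTFIX switch are my assumptions.

```shell
#!/bin/sh
# Added example, not the script from the original post. Moves a domain between
# the postfix virtual domains map and the relay domains map used in this howto.
# Paths are taken from the howto; env overrides and RELOAD_POSTFIX are assumptions.
VIRTUAL_MAP="${VIRTUAL_MAP:-/etc/postfix/imscp/domains}"
RELAY_MAP="${RELAY_MAP:-/etc/postfix/relay_domains}"
WORKING_DIR="${WORKING_DIR:-/etc/imscp/postfix/working}"
RELOAD_POSTFIX="${RELOAD_POSTFIX:-1}"

# remove_domain MAPFILE DOMAIN: drop every line whose first field is DOMAIN
remove_domain() {
    touch "$1"
    awk -v d="$2" '$1 != d' "$1" > "$1.tmp.$$" && mv "$1.tmp.$$" "$1"
}

# add_domain MAPFILE DOMAIN: append "DOMAIN OK" unless it is already listed
add_domain() {
    touch "$1"
    in_map "$1" "$2" || printf '%s OK\n' "$2" >> "$1"
}

# in_map MAPFILE DOMAIN: succeed if DOMAIN is the first field of some line
in_map() {
    awk -v d="$2" '$1 == d { f = 1 } END { exit f ? 0 : 1 }' "$1"
}

# set_external DOMAIN enable|disable
#   enable : mail for DOMAIN lives on an external server -> relay map only
#   disable: DOMAIN is hosted locally again               -> virtual map only
# A domain is never left in both maps; postfix warns about such double listings.
set_external() {
    case "$1" in
        ""|*[!A-Za-z0-9.-]*) echo "invalid domain: '$1'" >&2; return 2 ;;
    esac
    case "$2" in
        enable)  remove_domain "$VIRTUAL_MAP" "$1"; add_domain "$RELAY_MAP" "$1" ;;
        disable) remove_domain "$RELAY_MAP" "$1";   add_domain "$VIRTUAL_MAP" "$1" ;;
        *) echo "usage: $0 domain.tld enable|disable" >&2; return 2 ;;
    esac
    # mirror the domains map into the i-MSCP working copy, as the howto requires
    [ -d "$WORKING_DIR" ] && cp "$VIRTUAL_MAP" "$WORKING_DIR/domains"
    if [ "$RELOAD_POSTFIX" = 1 ]; then
        postmap "$VIRTUAL_MAP" && postmap "$RELAY_MAP" && postfix reload
    fi
}

if [ $# -eq 2 ]; then
    set_external "$1" "$2"
fi
```

    Run it as in the original usage line, bash ./script.sh domain.tld enable|disable; RELOAD_POSTFIX=0 edits the map files without calling postmap.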

  • You can test this feature in master now. Please keep in mind that master is not usable and some problems may still need to be fixed. Any help testing and new proposals are more than welcome.

  • Hello sci2tec,


    relay_domains is not working... When we create an external mail server, the domain is correctly removed from the virtual domains map ( /etc/postfix/imscp/domains ), but is not added to the relay domains ( /etc/postfix/imscp/relay_domains ). This is needed to relay emails that were wrongly delivered to the imscp server (backup mx) again to the external mailserver if no corresponding mailbox is found on the backup mx.


    Another issue is that the field domain_dns in table domain_dns is always empty. When selecting type MX the only option available is * for wildcard MX; the default is empty. There should be the domain as default value, and empty should be disallowed; wildcard is optional.
    In the DNS zone the record looks like this:
    IN MX 10 mail.test.com.
    instead of
    domain.tld. IN MX 10 mail.test.com.
    or
    * IN MX 10 mail.test.com.
    Since the custom records are outside of the $ORIGIN of the zone, they should contain the origin domain. At least this is what I learned many years ago; sorry if I am wrong here.


    Great work, thank you very much. And sorry for my bad English :)
