Netgate Discussion Forum

Postfix Backup MX

pfSense Packages
13 Posts 6 Posters 2.6k Views
  • G
    G.D. Wusser Esq.
    last edited by Dec 18, 2014, 4:57 AM

    Hi,

    I came across a message that the pfSense Postfix package can be used as a backup MX server. That is, when the main MX goes down, hold messages for minutes-hours-days, and then relay the messages to the main MX server when it comes back online.

    I just loaded the package, and it looks like backup MX mode needs manual configuration.

    Are there any pfSense-specific examples available?

    Thank you.

    • B
      biggsy
      last edited by Dec 18, 2014, 7:28 AM

      Hi,

      Is this the post you are talking about?

      I guess it would depend on whether you are using pfSense/postfix as a front-end to your real mail server as well.  That could be trickier.

      If you're not, I don't see anything in that post that would require you to manually configure the main.conf file.

      These things are pretty much as recommended in the post: "First make sure that smtpd_recipient_restrictions contains permit_mynetworks and reject_unauth_destination"

      Similarly, these things are as described:

      • mydestination

      • virtual_alias_domains

      • virtual_mailbox_domains

      Not sure about the queuing part but I have certainly seen postfix queue messages until I corrected a misconfiguration that led it to think the mail server wasn't alive.

      Worth a try.

      • G
        G.D. Wusser Esq.
        last edited by Dec 18, 2014, 4:23 PM

        Thank you for your reply. The link you posted is one of the general examples.

        The default configuration of the pfSense Postfix package will not hold messages if the mail server goes down. Somebody else asked a similar question on these forums, and the gist of the discussion was that it should be possible. I was just wondering if somebody already has a working recipe.

        I will dig into this today and post my findings.

        • M
          marcelloc
          last edited by Dec 18, 2014, 5:40 PM

          @G.D.:

          The default configuration of the pfSense Postfix package will not hold messages if the mail server goes down.

          It will hold messages and will work as an mx backup.

          Just configure general and domain tabs. For an extra config for valid recipients, check recipient tab.

          Elite Training: http://sys-squad.com

          Help a community developer! ;D

          • G
            G.D. Wusser Esq.
            last edited by Dec 18, 2014, 7:36 PM

            You are probably right, but it looks like something needs tweaking.
            What is causing the following messages, when the primary MX is down?

            450 4.1.1
            Recipient address rejected: unverified address: Address verification in progress
            

            Is Postfix trying to query the main MX if the recipient is valid? Obviously that will not work when the main MX is down.

            • M
              marcelloc
              last edited by Dec 19, 2014, 5:21 AM

              @G.D.:

              Is Postfix trying to query the main MX if the recipient is valid? Obviously that will not work when the main MX is down.

              At least using ldap perl script on AD, if the MX is offline, it uses current list until a new one is fetched.

              • G
                G.D. Wusser Esq.
                last edited by Dec 21, 2014, 1:34 AM Dec 19, 2014, 9:00 PM

                No LDAP on this setup, just a hard-coded list of valid recipients.

                I switched the Header verification from Strong to Basic, and “Address verification in progress” rejections stopped.

                Maybe, in the future, it would be nice to have more granular control over header verification options, where individual ones could be checked on and off; perhaps with ones that require server verification grouped together, for easier configuration of backup mail exchanges.

                Thank you.

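In stock Postfix, the 450 reply quoted above ("unverified address: Address verification in progress") is what the `reject_unverified_recipient` restriction returns while its probe of the next hop cannot complete. As an added example (not from the thread or from the pfSense package), the following Python script audits a `main.cf` for that and for the other backup-MX settings mentioned in this thread; the sample configuration, its file path and the function names are constructed for illustration.

```python
import re

# Constructed sample of a backup-MX main.cf (not taken from the pfSense package).
SAMPLE_MAIN_CF = """\
# backup MX for example.org (constructed)
mydestination =
relay_domains = example.org
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
maximal_queue_lifetime = 5d
"""

def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}, joining continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank and comment lines are ignored
        if raw[0].isspace() and current:          # leading whitespace continues a value
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def audit_backup_mx(params):
    """Return findings that matter when the primary MX is unreachable."""
    findings = []
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    if "reject_unauth_destination" not in rules:
        findings.append("open-relay risk: reject_unauth_destination missing")
    if "reject_unverified_recipient" in rules:
        findings.append("reject_unverified_recipient probes the next hop; "
                        "uncached recipients get 450 while the primary MX is down")
    if not params.get("relay_domains"):
        findings.append("relay_domains not set explicitly: check which domains "
                        "are accepted for relay to the primary")
    if not params.get("relay_recipient_maps"):
        findings.append("no relay_recipient_maps: mail for unknown users is "
                        "accepted and bounced later (backscatter)")
    return findings

if __name__ == "__main__":
    for finding in audit_backup_mx(parse_main_cf(SAMPLE_MAIN_CF)):
        print("-", finding)
```

On a live system the same checks can be fed from the output of `postconf -n` instead of the embedded sample.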
                • J
                  jimp Rebel Alliance Developer Netgate
                  last edited by Dec 29, 2014, 7:15 PM

                  FYI- In theory / on paper this sounds good but in practice you might find, as I have, that spammers tend to hit your backup MX harder than the primary since backup mail servers tend to have less stringent spam controls.

                  Not saying it's a bad idea to have a backup MX, it's a great idea, but be forewarned / prepared for what may come.

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  • S
                    sektor
                    last edited by Jan 3, 2018, 4:42 AM

                    Sorry to revive an old topic but I am actually curious about this setup.

                    • G
                      Gertjan
                      last edited by Jan 3, 2018, 10:55 AM

                      A high priority mail server - the main MX - and a lower priority server, the backup MX - have exactly the same setup from a "pfSense point of view".

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      • S
                        sektor
                        last edited by Jan 14, 2018, 4:02 PM

                        I know how that works, but I was just wondering if it was possible to do it with pfSense should my main server be down briefly.

                        • G
                          Gertjan
                          last edited by Jan 15, 2018, 6:05 AM

                          I'm using myself a "3 € a month" small dedicated VPS system as my backup MX, running postfix.
                          As Jimp said above, this server backup MX gets hit rather often (mine does), because many spammers do not send mail to the main MX, but directly to the backup MX.
                          This means that all mail filtering, present on your main MX should also be present on your backup MX.

                          This means for me :
                          fail2ban,
                          grey listing,
                          amavis (spamassassin and clamav and their boatload of plugins)
                          which implies full MySQL support

                          The thing is : all these kind of programs just don't belong on a firewall.

                          Btw : many voices just state : "do not use a MX backup, you don't need it" because the definition of the mail protocol says : "if the destination server can't be reached, the mail should be queued for a day or so …" which means that if things go bad, you have a day "click it to work".

                          • J
                            jimp Rebel Alliance Developer Netgate
                            last edited by Jan 15, 2018, 3:14 PM

                            The only downside of not having a backup MX is having to wait hours (4+) for retries to come through, or longer if it's a prolonged outage. It's not the end of the world, though, messages will be resent.

                            If you botch the backup MX config then it could be worse. You could accidentally reject mail and never receive it, or let even more spam through on a continuing basis.

                            The best backup MX is an exact duplicate of your primary mail server hosted off-site.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.