Static Routing hops ...

[AJMarshall]

I have 2 AMS configured at 2 locations ... the same domains are on each server, but only live on one server. That is:

Server 1 - location 1
abc.com - live
xyz.com - live
123.com - backup

Server 2 - location 2
abc.com - backup
xyz.com - backup
123.com - live

My problem is with SPAMMERS AND MX records. I have published mail. and altmail. as MX 10 and MX 20 respectively with the appropriate IP addresses of the 2 servers. When my mail. server is unavailable (or someone sends via altmail. - SPAM!) sometimes that backup mail server hops 51 times and bounces the message. This also happens legitimately - if my MX 10 server takes a moment to respond - the MX 20 server will answer and handle the mail - as desired.

I have the static setting at independent and auto as recommended and have played with different settings for mail queue delay and timeouts ... this continues to occur.

If the server at my MX 10 record is not available, I want the server at my MX 20 record to hold on to the mail until which time my MX 10 server is available. I appreciate polite responses to the sender about delay, but a 51 hop count error should not happen (esp. since both mail servers are mostly always available!)

Is there a better (recommended) method of configuring the AMS to handle a local domain on once server and a backup domain on another?

Thanks in advance for any recommendations!
Alan

[m1byo]

Hello Alan,

I am running a similar configuration here and I have had it working without a problem.

It seems to me that the cause of this problem is becuase you have the backup-static route defined as Independent/Auto, this is great for *normal* outgoing messages as it will lookup the DNS MX records for the target mail domain and send the email to it.

This however will cause a problem with your backup-server configuration because each time the backup-server tries to forward an email the main mailbox-server, the MX lookup (as a result of being in independent mode) will return both the backup-server and the mailbox server records, it will then select one of the 2 servers from this list (one of which the mails are already at) this will cause the loops with the emails.

To resolve this, I would recomend that the static route for each domain is pointed directly at the main mailbox server which will then ensure that the mails will only have a maximum of 1 additional hop caused by utilising the backup server.

For your reference, my configuration is as follows:

Mail Queue
Lifetime: 4320 Mins (72 Hours)
Resend Delay: 10 Mins

Mail Route:
Relay Mode
Host: mail.123.com (direct mailbox server address)
Port 25

I hope this helps, and more importantly, I hope this works.

Kind Regards

Ian

[AJMarshall]

Hello Ian,

Thank you for your reply. In the past I had attempted those settings but I believe I was confused by the SMTP Auth settings checkbox ...

I have made the setting changes as you described - seems very logical to me.

I'll see what happens over the weekend.

Thank you again,
Alan

[Code Crafters]

What m1byo said is correct. Using independent mode will cause the backup mail server to deliver to itself when the primary is offline causing an infinite mail loop. You should do the following setup.

Primary mail server (lowest mx priority):
Stores all local accounts under normal mode domains using independent outgoing mails or relaying via your ISPs SMTP server.

Secondary mail server (higher mx priority):
Has backup domains for all your local domains on the primary and has outgoing mails set with relay mode (main outgoing route not static route) to forward all mail to the primary once its back online with a decent lifetime (perhaps several days). This will mean that mail for the primary mail server doesn't leave the secondary until the primary is back online.

You should also enable SMTP authentication on both mail servers so that mail to non-local domains without authentication is blocked.

[AJMarshall]

Hi Chris,

The looping has stopped with Ian's suggestions.

I like what you suggest on the secondary mail server - using the main outgoing route, however there is one domain that is local to the otherwise secondary server (see my original post.) I believe that I can not accomplish your recommendation without having ALL mail leave the server via the other site (then I wouldn't know how to handle the other site!) Please tell me if I am wrong.

I haven't setup SMTP auth as you suggested - I have to further investigate how to accomplish that!

I am having another interested thing happen at this point ... I'll gather more facts and make another post as it (I believe) is not related with static routes.

Thanks!
Alan

[Code Crafters]

In that case then you should set up a normal outgoing route to the Internet but set up static routes for all of your backup domains so that they are routed directly to your primary mail server (relay mode).

You must enable SMTP authentication in the SMTP settings to prevent your mail server being an "open relay". Being and open relay means that basically any unauthorised users can send mail (often SPAM) via your mail server resulting in it potentially being black listed as a SPAM source. Note that backup domains will automatically authenticate with SMTP authentication but you can limit the backup domain user list to a file list of email addresses if you want to make this even more secure.