Backup MX on a Dynamic IP address

maggiore81
Normal user
Posts: 171
Joined: 2008-01-11 16:02
Location: near Ravenna (Italy)

Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-07 16:27

Hello
I would like to ask you this:

I have my primary MX:

mail2.domain.com (primary mailserver) MX priority 10
then I have a backup MX record: backupmx.domain.com that points to two different IPs (two separate machines on two separate connectivity, to let them act as a round-robin) MX priority 20

backupmx.domain.com - 100.100.100.111 and 200.200.200.222 on two different mailservers (backup)
Each of them works perfectly on the latest stable hmail release.

Now I have this idea:

If I put an old box on a dynamic ADSL range and create a dyndns name for it, mailbackup.dyndns.org for example, I could point a backup MX (MX priority 30) at this hostname (which points to a dynamic IP).

It could theoretically work, but I have this question:

Since mailbackup.dyndns.org is in an IP range listed by Spamhaus, I would like to prevent the main server from refusing it.
I could let the backup MX log in to the main server with SMTP auth (from mailbackup.dyndns.org to mail2.domain.org)

How could I configure it?

On the route configuration page, I could set the SMTP auth. The question is: which username/password should I use on the backup server to log in to the main server?
Mr. Spadoni
Network Administrator
--
Spadhausen ISP
admin (at) spadhausen . com

martin
Developer
Posts: 6834
Joined: 2003-11-21 01:09
Location: Sweden

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-07 20:31

> which username/password should I use on the backup server to log in to the main server?

You should use an account set up on the main server... Set up an account named something@example.com with a hard-to-guess password and authenticate using that.

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-07 20:47

Hello Martin, thank you for your answer.
So I should create a dummy domain name and create a related (fake) mailbox just to have a username/password combination to use to authenticate on the server using the SMTP protocol.

Thank you for your answer.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-07 21:19

Yes, correct.

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 10:41

Hello
I have created a dummy domain name.
The problem is that the backup MX on the dynamic IP range is on a range that is blocked by SPAMHAUS.

Since the ip check happens before the remote mx can auth on my local mailserver, it is being blocked.
How can I solve this?

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 11:05

I have partially solved it by using, as the destination SMTP server of the route, the authorized SMTP server of the ISP where the backup MX (on the dynamic IP) is located.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-09 11:08

> Since the ip check happens before the remote mx can auth on my local mailserver, it is being blocked.

No, the IP check performed as a part of anti spam is performed after the SMTP authentication.

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 11:18

Hello Martin
Here is my log:
the anti spam check is performed at the very beginning of the connection.
The backup MX accepts the message, then connects to mail2.domain.com (the SMTP server indicated in the route)
hello
mail from xx@xx.com
error 550 rejected by ......

The backup MX doesn't auth to the server because it got rejected after it tells where the message is from.
I have set in the route settings that it needs to do remote auth.

I have the same issue from some customers that need to send email through my server and on their clients is set smtp auth.
I need to put their sender addresses to the whitelist, or they cannot send because they get rejected at the very beginning of the connection.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-09 11:19

That's not a log. :)

> the backup mx doesn't auth to the server because it got rejected after it tells where the message is from.

Authentication should be done before the MAIL FROM command - not after.

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 11:23

> martin wrote: That's not a log. :)

Hello
that log is difficult to copy and paste now, I will try to download it later.

> > the backup mx doesn't auth to the server because it got rejected after it tells where the message is from.
>
> Authentication should be done before the MAIL FROM command - not after.

Well, I just use the mail servers, I don't program them. How can I set this on my side?

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-09 11:26

Have you set up a route on the backup SMTP server? Or are you using SMTP relay feature? Have you specified SMTP authentication on the backup server?

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 11:32

> martin wrote: Have you set up a route on the backup SMTP server? Or are you using SMTP relay feature? Have you specified SMTP authentication on the backup server?

Hello
I configured the backup MX like every backup MX I have (using static addresses), as on your manual page "act as a backup mx".


So:

domain: spadhausen.org
target smtp: mail2.spadhausen.com:25 (the main mail server)
sender - remote email
recipient - local

------
delivery page:
retries: 500
minutes: 15

server uses auth (only used this time; in my backup MX scenario all the backup MXs have static IPs so I have no problems)

username xxxxxx
pass xxxxxxx

I am reading on your page:

http://www.hmailserver.com/documentatio ... _mx_backup

I think that there is an error:

"Select that sender should be treated as external and recipients as local.

When someone sends an email from the route domain name, they should be treated as external. If someone sends an email to the domain name, it should be treated as local. This has the effect that hMailServer will allow delivery to the primary server without requiring SMTP authentication."

Here is the problem. The server allows delivery to the primary without SMTP auth.


So what should I do?

thank you

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-09 12:13

I have solved the situation by setting:
when sender matches route, treat sender as LOCAL
recipient: LOCAL

in this way my backupmx authenticates on the main mailserver

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-12 12:10

Hello
I haven't heard anything from you Martin, is the problem solved as I did ???

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-12 12:39

In your last post you mentioned that you had "solved the situation".

If the problem is solved to you, then the problem is solved...

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-12 12:47

Hello
Well, the problem is solved, but I really did not understand how I solved it :)
------
I have solved the situation setting:
when sender matches route, treat sender as LOCAL
recipient. LOCAL
--------

I was just trying changing settings, but this feature is undocumented in the docs..

If the sender is remote and the recipient local, the server forwards the message through the route without using SMTP auth. It could be a bug.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-12 13:04

You're setting up a backup server. Why should people have to authenticate when they send email to the primary server via the backup server? Most servers (such as gmail) won't be able to authenticate, and will therefore not be able to send via the backup server.

> I was just trying changing settings, but this feature is undocumented in the docs..

What feature? The documentation for routes describes the security settings of the route - the settings we're talking about? The documentation explicitly says:

> If you want external users (users on other email servers) to be able to send email to the route, select that "When recipient matches route, treat recipient as local". The default IP ranges in hMailServer permits delivery from external addresses to local addresses without any SMTP authentication.

You do know that you should set up the route on the backup server - not on the main server, right?

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-12 13:54

Hello
I have not been too clear :)

Users do not have to authenticate on a backup server!

The backup server is called "backup" because it is a backup MX. When someone has to send a message to mainserver.domain.com (the main server) and it is down, the message goes to the backup MX (the server I am configuring now).

External users do not have to authenticate, obviously!
I want the backup MX to authenticate on the main server when it delivers the messages that were received while the main was offline!

If I have a backup MX on a dynamic IP, the main server has to identify the backup MX when it sends email to it. Do you understand now?
The route is set on the backup MX!
I already have two backup MXs configured according to your documentation, and they work.

On the main server the (static) IPs of the backup MXs are inserted in the incoming relay section and they work correctly.
The backup MX DOES NOT AUTH on the main server when the backupmx gives the email messages received on it when the main was down.

The scenario is different if we have a backup MX on a dynamic IP. I want the backup MX to authenticate on the main server when it delivers the emails.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-12 14:33

> The backup MX DOES NOT AUTH on the main server when the backupmx gives the email messages received on it when the main was down.

Exactly how is the route set up?

I just tried to set up a route with the following settings:

General:
Domain: gmail.com
Host: <my-isp-smtp>
When sender matches route, treat sender as remote.
When recipient matches route, treat recipient as local

Delivery:
My server requires authentication:
Username: test
Password: test

After this, I send a message to the domain gmail.com and SMTP authentication is being used.

How have you determined that SMTP authentication was not used?
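
One way to answer that question from a session capture, as an added example that is not part of the original thread or hMailServer's own code: the function below reads a client-side SMTP transcript and reports whether AUTH completed before MAIL FROM and which command the server refused. The transcripts, hostnames, reply texts and the `C:`/`S:` line format are constructed for illustration and are not hMailServer's log format.

```python
import re

# Constructed client-side transcripts: "C:" is the backup MX, "S:" the main
# server. Hostnames and reply texts are placeholders, not hMailServer output.
NO_AUTH = """\
S: 220 mail2.example.com ESMTP
C: EHLO backupmx.example.net
S: 250-mail2.example.com
S: 250 AUTH LOGIN PLAIN
C: MAIL FROM:<sender@example.org>
S: 550 rejected by blocklist
"""
WITH_AUTH = """\
S: 220 mail2.example.com ESMTP
C: EHLO backupmx.example.net
S: 250-mail2.example.com
S: 250 AUTH LOGIN PLAIN
C: AUTH LOGIN
S: 334 VXNlcm5hbWU6
C: (base64 user name, redacted)
S: 334 UGFzc3dvcmQ6
C: (base64 password, redacted)
S: 235 authenticated
C: MAIL FROM:<sender@example.org>
S: 250 OK
"""

def analyse(transcript):
    """Summarise where AUTH sits relative to MAIL FROM in one SMTP session."""
    r = {"auth_offered": False, "auth_ok": False,
         "auth_before_mail": False, "rejected_at": None}
    last_cmd, in_auth, mail_seen = "CONNECT", False, False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            if in_auth:                      # credential data, not a command
                continue
            last_cmd = (text.split() or [""])[0].upper()
            in_auth = last_cmd == "AUTH"
            if last_cmd == "MAIL" and not mail_seen:
                mail_seen, r["auth_before_mail"] = True, r["auth_ok"]
        elif side == "S":
            if last_cmd == "EHLO" and re.match(r"250[- ]AUTH\b", text):
                r["auth_offered"] = True
            if in_auth and not text.startswith("334"):
                in_auth, r["auth_ok"] = False, text.startswith("235")
            if text[:1] in ("4", "5") and r["rejected_at"] is None:
                r["rejected_at"] = last_cmd  # command the server refused
    return r

if __name__ == "__main__":
    for name, t in (("no auth", NO_AUTH), ("with auth", WITH_AUTH)):
        print(name, analyse(t))
```

A result with `auth_offered` true, `auth_ok` false and `rejected_at` equal to `MAIL` means the sending side never attempted AUTH; `rejected_at` equal to `CONNECT` means the server refused the connection in its greeting, before any authentication was possible.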

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-13 11:05

Hello
I have set up the same route on my server and the SMTP is NOT being used.

I see the logs and when my backup mx (on dyn IP) connects to the main server, it is immediately refused because its ip is on the spamhaus list.

According to the docs, the behaviour is normal:

http://www.hmailserver.com/documentatio ... _mx_backup
---------------
I think that there is an error:

"Select that sender should be treated as external and recipients as local.

When someone sends an email from the route domain name, they should be treated as external. If someone sends an email to the domain name, it should be treated as local. This has the effect that hMailServer will allow delivery to the primary server without requiring SMTP authentication."
------------------
The SMTP auth is NOT being used in this scenario. I configured the route as you did and the SMTP auth is NOT being used.

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-13 11:10

Can you enable full logging on the backup server, reproduce the problem and then post the log here?

Re: Backup MX on a Dynamic IP address

Post by maggiore81 » 2010-01-13 11:24

OK
I will do it in a few hours

Re: Backup MX on a Dynamic IP address

Post by martin » 2010-01-13 12:57

I'm going on a ski trip until Monday so don't expect feedback before Monday evening.

mattg
Moderator
Posts: 20960
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Backup MX on a Dynamic IP address

Post by mattg » 2010-01-13 14:31

Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

montebond
New user
Posts: 4
Joined: 2010-02-10 17:55

Re: Backup MX on a Dynamic IP address

Post by montebond » 2010-02-10 18:04

I have some related questions
1. Can the back server also have different domains running on it?
example abc.com on main server
xky.com on backup server and also act as backup for abc.com

2. Do I have to add all the users on the backup server or just the SMTP route (as shown in the docs)?

3. If I can have xky.com also be a backup for abc.com, will mail from xky.com to abc.com be affected by the backup route?

(I'd like to set this up as a round-robin between the 2 for high availability with both at different locations and different T1s and was wondering if this is workable as stated)

Re: Backup MX on a Dynamic IP address

Post by mattg » 2010-02-11 01:22

> montebond wrote: I have some related questions
> 1. Can the back server also have different domains running on it?
> example abc.com on main server
> xky.com on backup server and also act as backup for abc.com

yes

> montebond wrote: 2. Do I have to add all the users on the backup server or just the SMTP route (as shown in the docs)?

Just the SMTP route as per the docs

> montebond wrote: 3. If I can have xky.com also be a backup for abc.com, will mail from xky.com to abc.com be affected by the backup route?

Mail should always be delivered to the lowest priority. Mail sent to the next highest priority will then be forwarded to main server later as it becomes available. Some SPAMMERs send to the highest priority as a <back door>. Way to beat them is to have three priorities. 1 = main server, 5 = backup server, 10 = main server. Works a treat.

> montebond wrote: (I'd like to set this up as a round-robin between the 2 for high availability with both at different locations and different T1s and was wondering if this is workable as stated)

Absolutely. That's the exact intention of a backup server.

Re: Backup MX on a Dynamic IP address

Post by montebond » 2010-02-12 05:35

Thanks a lot, I kinda thought so from the reading, but I wanted someone to give me a little heads up before I went in and made a lot of changes.
