I've had Postfix/amavisd-new/SpamAssassin/ClamAV/Courier running smoothly on my toaster for a while, thanks to Christoph Haas. Paranoid thoughts have since crept in; what would happen if my toaster were to stop working?
Luckily, I'm the kind of guy who has an old laptop many miles away, quietly humming away under my parents' desk. (No, I don't live in my parents' basement.) This would do nicely as a backup MX!
My victim in this case is a Toshiba PIII 700 with a dizzying 64MB RAM, on which I've installed Ubuntu breezy. My parents have a dynamic IP address, which seldom changes in practice. Usually, it's not practical to operate a mail server on a dynamic IP because many major ISPs like Yahoo and AOL block any mail from such IP ranges. In this case I'm not concerned: the purpose of a backup MX is to hold on to mail until the primary MX becomes available again, so it is only delivering mail to servers under my control (I will not block my own mail!).
I need to give the backup MX a hostname; I've chosen mail2.toastputer.net - I'm so creative. Fortunately, toastputer.net is hosted by dyndns.org, so I will set the laptop to update its IP address with ddclient.
# apt-get install ddclient
ddclient works with other services like Hammernode, Zoneedit and EasyDNS. It is very easy to set up.
Let's get on with it and install postfix:
# apt-get install postfix
I chose 'no configuration', because I wanted complete control. Once Postfix is installed, cd to /etc/postfix and sudo vi main.cf
Here's my main.cf with comments to explain what's going on:
    # This is the default and will do for me
    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)

    # Notifies users of new mail using comsat. Since I have no local users or comsat, seems sensible to turn it off
    biff = no

    # appending .domain is the MUA's job. - disable rewriting of user@host to user@host.domain
    append_dot_mydomain = no

    # Trust no-one except yourself. IP addresses in mynetworks can relay mail to any address
    # (the loopback network is written 127.0.0.0/8; host bits must be zero in a CIDR pattern)
    mynetworks = 127.0.0.0/8

    # Listen on all ip addresses
    inet_interfaces = all

    # Who we will accept mail for
    relay_domains = hash:/etc/postfix/relays

    # Where it will be sent
    transport_maps = hash:/etc/postfix/transport

    # Relay for mynetworks, and otherwise only to the domains in relay_domains
    # (reject_unauth_destination is the replacement for the deprecated check_relay_domains)
    smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
Here is /etc/postfix/transport:
    stocksy.co.uk smtp:mail.toastputer.net
    mattsfoolsgold.co.uk smtp:mail.toastputer.net
    #...etc
and /etc/postfix/relays
    stocksy.co.uk OK
    mattsfoolsgold.co.uk OK
    #...etc
It's necessary to run # postmap /etc/postfix/transport
and # postmap /etc/postfix/relays
so that Postfix can read the files.
Restart Postfix:
/etc/init.d/postfix restart
Check that it actually works (from another host!):
    $ telnet mail2.toastputer.net 25
    Trying 82.21.124.237...
    Connected to mail2.toastputer.net.
    Escape character is '^]'.
    Postfix: 220 mail2.toastputer.net ESMTP Postfix (Ubuntu)
    You: ehlo www.stocksy.co.uk
    Postfix: 250-mail2.toastputer.net
    Postfix: 250-PIPELINING
    Postfix: 250-SIZE 10240000
    Postfix: 250-VRFY
    Postfix: 250-ETRN
    Postfix: 250 8BITMIME
    You: mail from:<stocksy@SPAMMERSDIEstocksy.co.uk>
    Postfix: 250 Ok
    You: rcpt to:<stocksy@NOSPAMMERSDIEstocksy.co.uk>
    Postfix: 250 Ok
    You: data
    Postfix: 354 End data with <CR><LF>.<CR><LF>
    You: Subject: Test message to test backup MX
    You: This is the message body.
    You: .
    Postfix: 250 Ok: queued as 47EDE57B81
    You: quit
    Postfix: 221 Bye
    Connection closed by foreign host.
If you receive the email, good! If not, tail -f /var/log/mail.log
should tell you why.
Check that you are not an open relay!
    $ telnet relay-test.mail-abuse.org
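A local check of the same property, as an added example that is not part of the original article: it opens an SMTP session to the backup MX, issues RCPT TO for one relayed address and one unrelated address, and stops before DATA so nothing is queued. The helper names `probe_rcpt` and `verdict`, the script name and the example.org address are assumptions made for illustration; run it from a host that is not in mynetworks.

```python
"""Open-relay self-check for a backup MX (added example, not the author's code)."""
import smtplib
import sys


def probe_rcpt(host, sender, recipients, port=25, smtp_factory=smtplib.SMTP):
    """Return {recipient: SMTP reply code} for each RCPT TO, sending no mail.

    The session never reaches DATA, so the server queues nothing.
    smtp_factory is a hook so the logic can be exercised against a stub.
    """
    results = {}
    conn = smtp_factory(host, port, timeout=30)
    try:
        conn.ehlo()
        for rcpt in recipients:
            conn.rset()                       # fresh envelope per recipient
            code, _ = conn.mail(sender)
            if code != 250:
                results[rcpt] = code          # MAIL FROM refused; record that code
                continue
            results[rcpt] = conn.rcpt(rcpt)[0]
    finally:
        conn.quit()
    return results


def verdict(results, relayed, foreign):
    """Relayed domains must be accepted (2xx); any other domain must be refused."""
    if 200 <= results[foreign] < 300:
        return "OPEN RELAY"                   # accepted mail for a stranger's domain
    if not 200 <= results[relayed] < 300:
        return "BROKEN"                       # refuses a domain listed in relay_domains
    return "OK"


if __name__ == "__main__":
    # usage: relaycheck.py HOST ADDR_IN_RELAYED_DOMAIN ADDR_IN_UNRELATED_DOMAIN
    host, relayed, foreign = sys.argv[1:4]
    sender = "postmaster@" + relayed.rsplit("@", 1)[1]
    replies = probe_rcpt(host, sender, [relayed, foreign])
    print(replies, verdict(replies, relayed, foreign))
```

With the main.cf above, the unrelated address should be refused with a 5xx "Relay access denied" reply while the relayed address gets 250.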
With this in place, I needed to update the MX records for my domain. This differs from provider to provider, but you must give your primary MX a lower priority number than the backup (the lowest number is tried first), e.g.:
    $ dig mx stocksy.co.uk

    ; <<>> DiG 9.2.2 <<>> mx stocksy.co.uk
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14586
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;stocksy.co.uk. IN MX

    ;; ANSWER SECTION:
    stocksy.co.uk. 7190 IN MX 5 mail2.toastputer.net.
    stocksy.co.uk. 7190 IN MX 0 mail.toastputer.net.

    ;; AUTHORITY SECTION:
    stocksy.co.uk. 7190 IN NS ns17.zoneedit.com.
    stocksy.co.uk. 7190 IN NS ns8.zoneedit.com.

    ;; ADDITIONAL SECTION:
    ns8.zoneedit.com. 172790 IN A 206.55.124.4
    ns17.zoneedit.com. 172790 IN A 209.126.159.118

    ;; Query time: 3 msec
    ;; SERVER: 172.16.0.81#53(172.16.0.81)
    ;; WHEN: Sun Nov 27 18:43:02 2005
    ;; MSG SIZE rcvd: 169
Test it. Stop the MTA on your primary MX and send yourself some email from gmail (or something). If you $ tail -f /var/log/mail.log
on your backup MX, you'll see the mail queuing up. Start your MTA again and it'll get delivered to you. Use # postqueue -f
if you are impatient.
REFERENCE
http://www.stocksy.co.uk/articles/Linux/postfix_as_a_backup_mx_host/