In this tutorial I will show how you can set up a Postfix mailserver as a backup mail exchanger for a domain so that it accepts mails for this domain in case the primary mail exchanger is down or unreachable, and passes the mails on to the primary MX once that one is up again.
I do not issue any guarantee that this will work for you!
1 Preliminary Note
I want to set up a backup MX for the domain example.com. In this example the primary MX for example.com is called mx1.example.com (IP address 188.8.131.52), so I call the backup MX mx2.example.com (IP address 184.108.40.206).
I have created MX records for example.com that look like this:
example.com. 86400 IN MX 10 mx1.example.com.
example.com. 86400 IN MX 20 mx2.example.com.
It's important that the primary MX has a lower number (10) and therefore a higher priority than the backup MX (20).
I'm assuming that the Postfix on mx2.example.com is already installed and working.
2 Configuring Postfix On mx2.example.com
To make mx2.example.com a backup MX for the domain example.com, all we have to do is change/add three lines to /etc/postfix/main.cf:
First make sure that smtpd_recipient_restrictions contains permit_mynetworks and reject_unauth_destination, so something like this would be ok:
Then we must add example.com to the relay_domains paramater; if there's no relay_domains paramater yet in /etc/postfix/main.cf, the following will do:
[...]<br />relay_domains = $mydestination, example.com<br />[...]
And finally we add an empty relay_recipient_maps parameter to /etc/postfix/main.cf:
[...]<br />relay_recipient_maps =<br />[...]
(That way we don't have to specify a list of valid email addresses to back up, which might be a daunting task if you have to manage hundreds of email accounts.)
There's one important thing I have to add: You must not list example.com in the following parameters in /etc/postfix/main.cf:
That's it already. All we have to do now is restart Postfix:
To test the new backup MX, we take down the MTA (Postfix, Sendmail, Exim, etc.) on mx1.example.com and send an email from some remote server to an example.com account (e.g. firstname.lastname@example.org).
If you have access to the mail log on the remote (sending) server, you should now find something like this in it:
Jun 6 18:29:16 mail postfix/smtp: AF814144146: to=<email@example.com>, relay=mx2.example.com[220.127.116.11], delay=1, status=sent (250 2.0.0 Ok: queued as DCA5A1BF40F)
As you see, the mail has been sent to mx2.example.com instead of mx1.example.com because mx1.example.com is unreachable. Now, let's take a look at the mail log of mx2.example.com:
Jun 6 18:29:16 mx2 postfix/qmgr: DCA5A1BF40F: from=<firstname.lastname@example.org>, size=892, nrcpt=1 (queue active)
Jun 6 18:29:16 mx2 postfix/smtpd: disconnect from mail.blabla.tld[18.104.22.168]
Jun 6 18:29:16 mx2 postfix/smtp: connect to mx1.test1.de[22.214.171.124]: Connection refused (port 25)
Jun 6 18:29:16 mx2 postfix/smtp: DCA5A1BF40F: to=<email@example.com>, relay=none, delay=0.07, delays=0.03/0.02/0.01/0, dsn=4.4.1, status=deferred (connect to mx1.test1.de[126.96.36.199]: Connection refused)
mx2.example.com has accepted the mail and tried to connect to mx1.example.com to deliver it to the primary MX. Because the primary MX is down, mx2.example.com cannot deliver the mail and keeps it in the mailqueue until mx1.example.com is available again.
Now we start the MTA on mx1.example.com again. The backup MX will not immediately deliver the queued mail, but after some minutes you should see something like this in the mail log of mx2.example.com:
Jun 6 18:56:44 mx2 postfix/qmgr: DCA5A1BF40F: from=<firstname.lastname@example.org>, size=892, nrcpt=1 (queue active)
Jun 6 18:56:45 mx2 postfix/smtp: DCA5A1BF40F: to=<email@example.com>, relay=mx1.example.com[188.8.131.52]:25, delay=1648, delays=1648/0.09/0.4/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 167995B0109)
The mail has been delivered to the primary MX where you can see this in the mail log:
Jun 6 18:56:45 mx1 postfix/local: 167995B0109: to=<firstname.lastname@example.org>, orig_to=<email@example.com>, relay=local, delay=0.54, delays=0.08/0.02/0/0.43, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)
So no mails were lost while mx1.example.com was down, and users can continue to retrieve their mails from mx1.example.com.