Mailing List Archive: Qmail: users

Validity of Having Secondary MX Servers

Index | Next | Previous | View Threaded

shawing at gmail

Aug 18, 2009, 1:12 PM

Post #1 of 5 (1906 views)
Permalink

Validity of Having Secondary MX Servers

This is something that's been on my mind for a few years now, and I
would like to know what other's opinions are about having secondary MX
servers.

I work for a small web development company and I manage about 1,000
domains with probably less than half having domain-based email
accounts scattered across 6 qmail servers that I manage. As a service
for these customers we have set up two secondary MX servers to catch
any messages that could not be delivered should the primary mail
server fail. These servers were among the initial qmail servers I set
up. When I installed my first qmail server 9 years ago, this was
standard procedure, however, now I'm not so sure it's relevant, and
possibly even wasteful to have these servers.

My main concern is that these two secondary servers primarily receive
connection attempts that would most likely be spam. I run a
third-party package piped inline with qmail called 'Spamdyke' and it's
writes log entries about why certain connections are allowed or
denied. i.e. if the IP is in a RBL, or if it doesn't have a reverse
DNS entry, etc. I've written a small script that parses the log files
for these entries and if I look at the percentage of denied
connections to allowed connections, I have between 97-98% connections
that are denied for some reason or another. With this high of a
percentage of possible spam, is it worth even running these servers?
I don't know.

I also get around 60MB of log entries each day from these attempts.
Not that that is a lot of disk space, but that is a fair amount of
bandwidth to each server that is basically wasted, if the connections
are spam, and could be of better use elsewhere on the network.

So my questions would be:

1) do you maintain secondary MX servers and continue to do so? If
so, any advice on how to keep them up with minimal spam connections?

2) did you at one time maintain them, but later stopped? If so, how
has it affected you and your customers?

3) have you never maintained them and are happy you did it this way?

Thank you for input and suggestions.
-ken
--
Have a nice day ... unless you've made other plans.

P.S. Here is the output of my script, if you're curious:

[root [at] ns log]# cat /var/log/qmail/smtpd/current |
/usr/local/etc/spam-statistics.pl
3837 DENIED_RDNS_MISSING
3679 DENIED_RBL_MATCH
2443 DENIED_RDNS_RESOLVE
946 DENIED_IP_IN_RDNS
252 ALLOWED
49 TIMEOUT
38 DENIED_OTHER
14 DENIED_SENDER_NO_MX

Allowed: 252
Denied : 11006
% Spam : 97.76%
[root [at] ns log]#

up at 3

Aug 18, 2009, 1:27 PM

Post #2 of 5 (1810 views)
Permalink

Re: Validity of Having Secondary MX Servers [In reply to]

On Tue, 18 Aug 2009, Ken S. wrote:

> 1) do you maintain secondary MX servers and continue to do so? If
> so, any advice on how to keep them up with minimal spam connections?
>
> 2) did you at one time maintain them, but later stopped? If so, how
> has it affected you and your customers?

I came to the conclusion long ago that secondary MX's were not for me,
*most of the time*. As we all know, if your MX goes down, it shouldn't be
hard to get it, or even a new server to replace it back up before
reasonable senders' queue lifetimes expire.

Of course, I am sure for larger networks, it as much for load balancing
and manipulation as it is for "backup". Most domains I host use MX
preference of 10. If one of them is getting hammered with spam to the
point where it's DDOSing my mail server, I'll put in a preference 5 MX to
take the load of that domain off and let the lower-preference MX deal with
filtering out as much as possible.

It tends to work fine.

James Smallacombe PlantageNet, Inc. CEO and Janitor
up [at] 3 http://3.am
=========================================================================

johnl at iecc

Aug 18, 2009, 1:32 PM

Post #3 of 5 (1811 views)
Permalink

Re: Validity of Having Secondary MX Servers [In reply to]

>2) did you at one time maintain them, but later stopped? If so, how
>has it affected you and your customers?

Back when qmail was young, servers and networks were flaky enough that
a secondary server was a good insurance move. These days, unless
you're on an unusually unreliable network, they're more trouble than
they're worth, since as you observe they're mainly targetted by
spammers.

Remember that iIf your server drops offline for an hour or two, any
legitimate mailer will wait and retry, so even if you need to turn it
off now and then for hardware reconfiguration or something, you still
don't need a secondary.

R's,
John

kyle-qmail at memoryhole

Aug 18, 2009, 6:30 PM

Post #4 of 5 (1812 views)
Permalink

Re: Validity of Having Secondary MX Servers [In reply to]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tuesday, August 18 at 04:12 PM, quoth Ken S.:
> This is something that's been on my mind for a few years now, and I
> would like to know what other's opinions are about having secondary MX
> servers.

I've actually thought a lot about this, usually in the context of
people doing it wrong or for idiotic reasons.

The fundamental question here is: what is the purpose of having
secondary MX servers? Since SMTP-compliant senders are already
required to queue undeliverable messages and retry later, the primary
benefit of a backup MX is to reduce latency in catastrophic
situations. For example, you may have an arrangement where you can
tell the backup MX to deliver all of the messages it is holding for
you all at once as soon as your primary email system comes back
online. That way the messages get delivered as soon as you're ready,
rather than waiting for all the myriad of senders to realize that
you're back online and retry---which, depending on their retry
schedules, could take hours.

Now ask yourself, what would take your primary email system down?
There are two major categories of reasons: things that take your whole
network down (power outages, network outages, etc.), and things that
take your single system down. A backup MX only makes sense to deal
with the first category, not the second. In the case of a single
system failure, why have the "backup" MX be a "backup" rather than in
use with the same priority as the "primary"? Giving it the same
priority increases your ability to transparently handle spikes in
email traffic, and generally reduces message latency by reducing
single-system average load. Given that, having a backup MX as simply
another server in the machine room (with a less preferable MX record)
is ridiculous. Having a backup MX with an entirely independent power
supply and an entirely independent network in an entirely different
location is an effective backup.

So now we know the situation a backup MX is good at addressing: it
reduces message delivery latency when your entire network is down for
more than an hour. And that's assuming you have an arrangement with
that MX so that you can get it to quickly deliver all the messages
it's holding for you.

Is that a situation you're worried about? Is the latency of that email
critical? If so, then a backup MX is a useful tool. If not, especially
if you simply have multiple email systems in the same room on the same
network, then it is more useful and more effective to give them all
the same MX priority.

> 1) do you maintain secondary MX servers and continue to do so? If
> so, any advice on how to keep them up with minimal spam connections?

No, I don't maintain secondary MX servers.

> 2) did you at one time maintain them, but later stopped? If so, how
> has it affected you and your customers?

Once upon a time, I worked for a company that had an arrangement with
our ISP to provide backup MX service, such that if our building lost
power, they would hold our mail for us. We never had to use it, but...
it was a very cheap insurance policy. At the time we had it set up
that way simply because it was considered "best practice" to have an
offsite backup MX. But if I was in the same position today, I probably
wouldn't opt to do it.

These days so many people (particularly spammers) play games with MX
records that they're less worth maintaining than they ever used to be.
At least, that's my opinion.

~Kyle
- --
It is an established maxim and moral that he who makes an assertion
without knowing whether it is true or false is guilty of falsehood,
and the accidental truth of the assertion does not justify or excuse
him.
-- Abraham Lincoln
-----BEGIN PGP SIGNATURE-----
Comment: Thank you for using encryption!

iQIcBAEBCAAGBQJKi1WzAAoJECuveozR/AWehtgP/ierJLfFZyEsrIjoLzShbXK9
vetyYYKAUsWnQLmck6bVrtLi9mGPHc4upgtMIN1/qq7wyv41rxFvR+cbSiLhttgG
02N3XeWm/9UBthFO6CmsuXpmGIOaQ91ZE97zZsVXqWS6Fz495cxn0mPQCGcKrf8u
vmKDOYs29ZRcl2jAj2vq2z/TtHzyXFp8PhO7tpA2DqyCEvpbncCquZinp5yE4qvp
sMRoK39bmZqojY9L6pMpJ4AMGRcUZD8bMEt6Hk6AdDdTMeXaRAx4ZRS6S6dQwwX0
NVtWc75+aAEvNmW/5mjqvlDvh2v7XJi1zz+UpUcTqxI+MZEQxvx9/3dRzjWcxVnI
2zLt2XhQurv6UcYFuObAz2T0GajDZfhl4KKfnHRDe1R67WUD4dkGvXnlIOR3+Lj6
jIkxNY1/L6vak10jTH0uazbCn/chpSq6bV/UiKVh9z0SIk0IA1W+II9h1t7yhE/H
qp29bsYL12f3zGFrroaByXbYrB/QE2rA+cSS74IiVB8P+kf4L8XGzvt5iO9ZfOhG
aN5s/uM49NP50OQqBoCSfMFPasaicWCSavzzasvYkSlyKq49NuPB/Kib6kSKC3bH
lqfcPeAhHVH6Z4cJNwpF9ve0b/lyuwcDtTG/Nq3kOUCyYFJM1w/eozOuEIzUOKJH
gsr3pb3YCpfhPqvfjRzx
=SZmY
-----END PGP SIGNATURE-----

gburnore at databasix

Aug 18, 2009, 6:54 PM

Post #5 of 5 (1802 views)
Permalink

RE: Validity of Having Secondary MX Servers [In reply to]

On Tue, 18 Aug 2009, Ken S. wrote:

> 1) do you maintain secondary MX servers and continue to do so? If
> so, any advice on how to keep them up with minimal spam connections?

Yes. We have a total of four MX servers that all feed one QMail server.
They run sendmail, only provide inbound and are protected via multiple types
of spam/virus protection that we'll not disclose. Two are colo and two are
in the same location as the QMail server.

Our remotes are preference 20 and our locals are preference 10. If both
local MX servers or our entire local site go down, however unlikely, the
ones located offsite are still there. Only once have both locations been
down at the same time and, in that case, one was back within an hour.

IF we make changes to the MX servers, we can do it two servers at a time
(one local and one colo) and still have two working. Having two up at any
one time, both with the same preference, they share the load rather nicely.
Having four up makes it even nicer.

The shared load means our MX servers can be SUN Netra's instead of more
powerful machines so we actually have an extra one sitting at each location
just in case the other two croak in quick succession (power surge that kills
the surge protection/ups and server).

> 2) did you at one time maintain them, but later stopped? If so, how
> has it affected you and your customers?

Since this one is N/A, I'll answer another:
2b) would you ever have only one MX or just use the QMail server as MX.

A: A hearty hell no. We're extremely happy with our setup because our
customers are extremely happy. The one wish is that we could easily colo
the actual QMail queue. It's unrealistic to believe that outages don't
occur. It's unrealistic to think a major network outage, electrical outage,
natural disaster or anything else won't occur.

Our customers expect to be able to send and receive their email when they
want it without delay. Having several MX servers helps that. One QMail queue
does not.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads