Blaauwgeers PRO

[code html secondary.htm] <HTML> <HEAD>

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<meta name=“description”, content=“Here are some small Linux Howto regarding the installation and configuration of Apache, FrontPage Extensions, SendMail and DNS.”> <meta name=“keywords” lang=“en” content=“linux, config, sendmail, linux, relay, primary, secondary, example, apache, frontpage, dns, itma, IT and Management Associates, IT Consultancy, Internet Services”>

<TITLE>Sendmail: Primary and Secondary mail exchangers</TITLE>

<script type=“text/javascript”>

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-25526909-2']);
_gaq.push(['_trackPageview']);
    
      (function() {
          var ga = document.createElement('script'); ga.type =
      'text/javascript'; ga.async = true;
          ga.src = ('https:' == document.location.protocol ? 'https://ssl'
      : 'http://www') + '.google-analytics.com/ga.js';
          var s = document.getElementsByTagName('script')[0];
      s.parentNode.insertBefore(ga, s);
        })();
        

</script>

</HEAD> <body bgcolor=“#C0C0C0” text=“#000000”>

<H1 ALIGN=“left”>Primary and Secondary mail exchangers</H1> <DIV CLASS=“subtoc”><p><strong>Contents</strong> <ol> <li><a class=“tocxref” href=“#introduction”>Introduction</a> <li><a class=“tocxref” href=“#principles”>Basic principles</a> <li><a class=“tocxref” href=“#configuration”>Configuration</a> <ol> <li><a class=“tocxref” href=“#config_overview”>Overview</a> <li><a class=“tocxref” href=“#config_detail”>Details</a> </ol> <li><a class=“tocxref” href=“#error”>Most common mistakes</a> <ol> <li><a class=“tocxref” href=“#error_preferences”>MX preferences</a> <li><a class=“tocxref” href=“#error_canonical”>Canonical names</a> <li><a class=“tocxref” href=“#error_hostname”>Host name</a> </ol> </ol> </div>

<H2><A NAME=“introduction”></A>1. Introduction</H2> <BLOCKQUOTE>

<P>In some occasions, it might be useful to define a secondary
(or backup) mail system for your domain. The secondary system
will handle the mail for your domain if the primary is unreachable
for some reasons (network down, computer crash, primary system
overloaded, etc).</P>

</BLOCKQUOTE>

<H2><A NAME=“principles”></A>2. Basic principles</H2> <BLOCKQUOTE>

<P>When a remote sendmail system tries to send a mail at your
domain (say <EM>yourdomain.com</EM>), it first queries the DNS
for the mail exchangers for your domain. There, it will find
(normally) one or several hostnames responsible for the handling
of your incoming mail. Finally, it will try to connect to one
of these hosts on the SMTP port to deliver the mail.</P>
<P>Mail exchangers are specified within the DNS system using
<STRONG>MX</STRONG> records (MX - Mail eXchanger). Each MX record
specifies a hostname and a priority. Several MX records can be
defined per domain, each with different priorities. Suppose the
following DNS configuration:</P>
<P><CENTER><TABLE BORDER="0" WIDTH="50%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0">
  <TR>
    <TD WIDTH="107">domain.com.</TD> 
    <TD WIDTH="68">MX 10</TD> 
    <TD WIDTH="176">primary.yourdomain.com.</TD> 
  </TR>
  <TR>
    <TD WIDTH="107">domain.com.</TD> 
    <TD WIDTH="68">MX 100</TD> 
    <TD WIDTH="176">secondary.yourdomain.com.</TD> 
  </TR>
</TABLE></CENTER></P>
<P>MX records with the lowest priority value get precedence on
the others (the primary mail system has always the <STRONG>lowest</STRONG>
priority value). According to this configuration, mail systems
will first try to deliver mail for your domain to the <EM>primary.yourdomain.com</EM>
host. If this one is unreachable, they will try to contact the
seconday, <EM>secondary.yourdomain.com</EM>.</P>
<P>Suppose your primary mail system is down, the secondary will
then receive all your incoming mails. Since it is not the final
destination, it will try periodically to contact the primary
to forward the mails it has collected during the down-time. It
does so by quering the DNS system to find out which host is the
primary mail system for your domain... and the story continues.</P>

</BLOCKQUOTE>

<H2><A NAME=“configuration”></A>3. Configuration</H2> <H3><A NAME=“config_overview”></A>3.1. Overview</H3> <BLOCKQUOTE>

<P><TABLE BORDER="0" WIDTH="90%" CELLPADDING="5" BGCOLOR="#FFFFFF" CELLSPACING="2">
  <TR>
    <TD WIDTH="12%" VALIGN="TOP">
    <STRONG>Primary:</STRONG></TD> 
    <TD WIDTH="88%" VALIGN="TOP">
    Tell <EM>SendMail</EM> on the primary system to accept mail for
    your domain by adding <EM>yourdomain.com</EM> into the <FONT SIZE="-1" FACE="Courier New">/etc/sendmail.cw</FONT> configuration
    file.</TD> 
  </TR>
  <TR>
    <TD WIDTH="12%" VALIGN="TOP">
    <STRONG>Secondary:</STRONG></TD> 
    <TD WIDTH="88%" VALIGN="TOP">
    Tell <EM>SendMail</EM> on the secondary system to accept relaying
    mail for your domain by adding <EM>yourdomain.com</EM> into the
    <FONT SIZE="-1" FACE="Courier New">/etc/mail/relay.allow</FONT>
    configuration file.</TD> 
  </TR>
  <TR>
    <TD WIDTH="12%" VALIGN="TOP">
    <STRONG>Dns:</STRONG></TD> 
    <TD WIDTH="88%" VALIGN="TOP">
    Setup the MX records with the correct hostnames and priorities.
    Remember that the primary mail exchanger must have the lowest
    priority value to get precedence on the others.<BR>
    <STRONG>Warning:</STRONG> these hostnames must always be defined using 
    <STRONG>A-record (A)</STRONG> (address records).</TD> 
  </TR>
</TABLE></P>

</BLOCKQUOTE>

<H3><A NAME=“config_detail”></A>3.2. Details</H3> <BLOCKQUOTE>

<H4>Primary exchanger</H4>
<P>The <FONT SIZE="-1" FACE="Courier New">/etc/sendmail.cw</FONT>
file tells <EM>SendMail</EM> the domain names it should handle.
Mails coming for these domains are considered as being <EM>local</EM>
and are treated in the <EM>right way</EM>. If your domain name
doesn't appear in this file, <EM>SendMail</EM> will issue an
error each time another host tries to send it some mail. Typical
error message is <FONT SIZE="-1" FACE="Courier New"><B>...we do not relay</B></FONT>.</P>

<P>Sample configuration file:</P>
<P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0">
  <TR><TD>
      <FONT SIZE="-1" FACE="Courier New">
        <STRONG># /etc/sendmail.cw<BR><BR></STRONG>
        yourdomain.com
      </FONT>
  </TD></TR>
</TABLE></CENTER></P>

<H4>Secondary exchanger</H4>
<P>You have to tell the hosts you want to be secondary mail exchanger
to accept mail for your domain even though they are not their
final destination. Just add your domain name in the <FONT SIZE="-1"
 FACE="Courier New">/etc/mail/relay.allow</FONT> file.</P>
<P>Do not add anything else in the /etc/sendmail.cw file on the
secondary host. If you put your domain name in this file, <EM>SendMail</EM>
will not behave the way you want: it will consider incoming mail
for your domain as being local and finally act as a primary exchanger
instead of a secondary.</P>
<P>Sample configuration file:</P>
<P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0">
  <TR><TD>
    <FONT SIZE="-1" FACE="Courier New"><STRONG># /etc/mail/relay.allow</STRONG><BR><BR>yourdomain.com</FONT>
  </TD></TR>
</TABLE></CENTER></P>

<H4>DNS</H4>
<P>As stated above, several secondary exchangers may be defined
for your domain, each with different priorities. This information
is provided by the DNS service. Remember that the <STRONG>primary</STRONG>
mail exchanger must have the <STRONG>lowest</STRONG> preference
value to get precedence on the others. I will not go more deeply
into the DNS configuration details on this page, please refer
to the appropriate documentation for this.</P>
<P>Sample configuration file (file name and IP address are informative):</P>
<P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0">
  <TR><TD><FONT SIZE="-1" FACE="Courier New">
    <STRONG># /var/named/db.yourdomain</STRONG><BR><BR>
    ;<BR>
    ; Mail Exchangers<BR>
    ;<BR>
    &nbsp;&nbsp;&nbsp;&nbsp;IN MX 10&nbsp;&nbsp;&nbsp;primary.yourdomain.com.<BR>
    &nbsp;&nbsp;&nbsp;&nbsp;IN MX 20&nbsp;&nbsp;&nbsp;secondary.yourdomain.com.<BR>
     <BR>
    ;<BR>
    ; Canonical names<BR>
    ;<BR>
    primary.yourdomain.com.&nbsp;&nbsp;&nbsp;IN A&nbsp;192.168.0.1<BR>
    secondary.yourdomain.com.&nbsp;IN A&nbsp;192.168.25.78
  </FONT></TD></TR>
</TABLE></CENTER></P>

</BLOCKQUOTE>

<H2><A NAME=“error”></A>4. Most common mistakes</H2> <H3><A NAME=“error_preferences”></A>4.1. MX preferences</H3> <BLOCKQUOTE>

<P>Check if your primary mail exchanger has the <B>lowest</B>
preference value ! Remember, lowest value gets higher preference...</P>

</BLOCKQUOTE>

<H3><A NAME=“error_dns”></A>4.2. DNS config</H3> <BLOCKQUOTE>

<P>It is very important that <B>MX records are defined using A-record and not to aliases</B>. 
Otherwise, you may receive the   following error when the backup system will try to deliver mail
to the primary: <B><FONT SIZE="-1" FACE="Courier New">config
error: mail loops back to me (MX problem?)</FONT></B></P>
<P>Why ? Suppose the following configuration: you setup two mail
exchangers for your domain: primary and secondary. SendMail configuration
files are setup on both machines as described above. But instead
on using canonical names for the secondary, you defined it in
your DNS configuration as an alias for another computer, lets
say <FONT SIZE="-1" FACE="Courier New">relay.yourdomain.com</FONT>.
A sample <STRONG>WRONG</STRONG> DNS configuration is shown below:</P>
<P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0">
  <TR><TD>
    <FONT SIZE="-1" FACE="Courier New">
    <STRONG># /var/named/db.yourdomain</STRONG><BR><BR>
    ;<BR>
    ; Mail Exchangers<BR>
    ;<BR>
    &nbsp;&nbsp;&nbsp;&nbsp;IN MX 10&nbsp;&nbsp;&nbsp;primary.yourdomain.com.<BR>
    &nbsp;&nbsp;&nbsp;&nbsp;IN MX 20&nbsp;&nbsp;&nbsp;secondary.yourdomain.com. <STRONG>[This is WRONG !!!]</STRONG><BR>
     <BR>
    ;<BR>
    ; Canonical names<BR>
    ;<BR>
    primary.yourdomain.com.&nbsp;&nbsp;&nbsp;IN A&nbsp;192.168.0.1<BR>
    secondary.yourdomain.com.&nbsp;IN CNAME relay.yourdomain.com.<BR>
     <BR>
    ;<BR>
    ; Aliases<BR>
    ;<BR>
    relay.yourdomain.com.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;IN A&nbsp;192.168.25.78
  </FONT></TD></TR>
</TABLE></CENTER></P>
<P>After having queued mails for your domain, your secondary
will periodically try to flush its queue. As described above,
it first query the DNS system looking for a host with a higher
priority than it (lowest preference value). In the above example,
it will first contact <FONT SIZE="-1" FACE="Courier New">primary.yourdomain.com</FONT>.
If it is still unreachable, it will try the second one, which
is <FONT SIZE="-1" FACE="Courier New">secondary.yourdomain.com</FONT>
(alias). Since your secondary system knows itself as being <FONT
 SIZE="-1" FACE="Courier New">relay.yourdomain.com</FONT> (canonical
name), it will think that <FONT SIZE="-1" FACE="Courier New">secondary.yourdomain.com</FONT>
is actually another host... Unfortunately, this alias points
to the same machine and the mail will loop back to itself. Conclusion,
you get the infamous: <B><FONT SIZE="-1" FACE="Courier New">config
error: mail loops back to me (MX problem?).</FONT></B></P>

</BLOCKQUOTE>

<H3><A NAME=“error_hostname”></A>4.3. Host names</H3> <BLOCKQUOTE>

<P>Be sure that your machine knows itself with the same name
as the one you put in the DNS configuration, especially for a
secondary system. Otherwise, you'll end-up to the same problems
as above when using aliases instead of canonical names.</P>

</BLOCKQUOTE>

<HR> <TABLE WIDTH=“100%” BORDER=“0” CELLSPACING=“2” CELLPADDING=“0”>

<TR>
  <TD WIDTH="50%">Last update: 04 Jan 1999</TD>
  <TD WIDTH="50%" ALIGN="RIGHT">bertrand dot renuart at itma.lu</TD>
</TR>

</TABLE> <a href=“http://www.modulo1.be/app.php?id=12”><font color=“#C0C0C0”>This link is there just to drive google to this very cool web application</a> </BODY> </HTML> [/code]