sandmail
secondary
[code html secondary.htm] <HTML> <HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="description" content="Here are some small Linux Howto regarding the installation and configuration of Apache, FrontPage Extensions, SendMail and DNS."> <meta name="keywords" lang="en" content="linux, config, sendmail, linux, relay, primary, secondary, example, apache, frontpage, dns, itma, IT and Management Associates, IT Consultancy, Internet Services">
<TITLE>Sendmail: Primary and Secondary mail exchangers</TITLE>
</HEAD> <body bgcolor="#C0C0C0" text="#000000">
<H1 ALIGN="left">Primary and Secondary mail exchangers</H1> <DIV CLASS="subtoc"><p><strong>Contents</strong> <ol> <li><a class="tocxref" href="#introduction">Introduction</a> <li><a class="tocxref" href="#principles">Basic principles</a> <li><a class="tocxref" href="#configuration">Configuration</a> <ol> <li><a class="tocxref" href="#config_overview">Overview</a> <li><a class="tocxref" href="#config_detail">Details</a> </ol> <li><a class="tocxref" href="#error">Most common mistakes</a> <ol> <li><a class="tocxref" href="#error_preferences">MX preferences</a> <li><a class="tocxref" href="#error_dns">DNS config</a> <li><a class="tocxref" href="#error_hostname">Host names</a> </ol> </ol> </div>
<H2><A NAME="introduction"></A>1. Introduction</H2> <BLOCKQUOTE>
<P>On some occasions, it might be useful to define a secondary (or backup) mail system for your domain. The secondary system will handle the mail for your domain if the primary is unreachable for some reason (network down, computer crash, primary system overloaded, etc.).</P>
</BLOCKQUOTE>
<H2><A NAME="principles"></A>2. Basic principles</H2> <BLOCKQUOTE>
<P>When a remote sendmail system tries to send mail to your domain (say <EM>yourdomain.com</EM>), it first queries the DNS for the mail exchangers of your domain. There, it will (normally) find one or several hostnames responsible for handling your incoming mail. Finally, it will try to connect to one of these hosts on the SMTP port to deliver the mail.</P> <P>Mail exchangers are specified within the DNS using <STRONG>MX</STRONG> records (MX - Mail eXchanger). Each MX record specifies a hostname and a priority. Several MX records can be defined per domain, each with a different priority. Suppose the following DNS configuration:</P> <P><CENTER><TABLE BORDER="0" WIDTH="50%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0"> <TR> <TD WIDTH="107">yourdomain.com.</TD> <TD WIDTH="68">MX 10</TD> <TD WIDTH="176">primary.yourdomain.com.</TD> </TR> <TR> <TD WIDTH="107">yourdomain.com.</TD> <TD WIDTH="68">MX 100</TD> <TD WIDTH="176">secondary.yourdomain.com.</TD> </TR> </TABLE></CENTER></P> <P>The MX record with the lowest priority value takes precedence over the others (the primary mail system always has the <STRONG>lowest</STRONG> priority value). According to this configuration, mail systems will first try to deliver mail for your domain to the <EM>primary.yourdomain.com</EM> host. If this one is unreachable, they will try to contact the secondary, <EM>secondary.yourdomain.com</EM>.</P> <P>Suppose your primary mail system is down: the secondary will then receive all your incoming mail. Since it is not the final destination, it will periodically try to contact the primary to forward the mail it has collected during the downtime. It does so by querying the DNS to find out which host is the primary mail system for your domain... and the story continues.</P>
</BLOCKQUOTE>
<H2><A NAME="configuration"></A>3. Configuration</H2> <H3><A NAME="config_overview"></A>3.1. Overview</H3> <BLOCKQUOTE>
<P><TABLE BORDER="0" WIDTH="90%" CELLPADDING="5" BGCOLOR="#FFFFFF" CELLSPACING="2"> <TR> <TD WIDTH="12%" VALIGN="TOP"> <STRONG>Primary:</STRONG></TD> <TD WIDTH="88%" VALIGN="TOP"> Tell <EM>SendMail</EM> on the primary system to accept mail for your domain by adding <EM>yourdomain.com</EM> to the <FONT SIZE="-1" FACE="Courier New">/etc/sendmail.cw</FONT> configuration file.</TD> </TR> <TR> <TD WIDTH="12%" VALIGN="TOP"> <STRONG>Secondary:</STRONG></TD> <TD WIDTH="88%" VALIGN="TOP"> Tell <EM>SendMail</EM> on the secondary system to relay mail for your domain by adding <EM>yourdomain.com</EM> to the <FONT SIZE="-1" FACE="Courier New">/etc/mail/relay.allow</FONT> configuration file.</TD> </TR> <TR> <TD WIDTH="12%" VALIGN="TOP"> <STRONG>DNS:</STRONG></TD> <TD WIDTH="88%" VALIGN="TOP"> Set up the MX records with the correct hostnames and priorities. Remember that the primary mail exchanger must have the lowest priority value to take precedence over the others.<BR> <STRONG>Warning:</STRONG> these hostnames must always be defined using <STRONG>A records (A)</STRONG> (address records).</TD> </TR> </TABLE></P>
</BLOCKQUOTE>
<H3><A NAME="config_detail"></A>3.2. Details</H3> <BLOCKQUOTE>
<H4>Primary exchanger</H4> <P>The <FONT SIZE="-1" FACE="Courier New">/etc/sendmail.cw</FONT> file tells <EM>SendMail</EM> which domain names it should handle. Mail arriving for these domains is considered <EM>local</EM> and is treated in the <EM>right way</EM>. If your domain name doesn't appear in this file, <EM>SendMail</EM> will issue an error each time another host tries to send it some mail. The typical error message is <FONT SIZE="-1" FACE="Courier New"><B>...we do not relay</B></FONT>.</P>
<P>Sample configuration file:</P> <P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0"> <TR><TD> <FONT SIZE="-1" FACE="Courier New"> <STRONG># /etc/sendmail.cw<BR><BR></STRONG> yourdomain.com </FONT> </TD></TR> </TABLE></CENTER></P>
<H4>Secondary exchanger</H4> <P>You have to tell each host you want to act as a secondary mail exchanger to accept mail for your domain even though it is not the final destination. Just add your domain name to the <FONT SIZE="-1" FACE="Courier New">/etc/mail/relay.allow</FONT> file.</P> <P>Do not add anything to the <FONT SIZE="-1" FACE="Courier New">/etc/sendmail.cw</FONT> file on the secondary host. If you put your domain name in this file, <EM>SendMail</EM> will not behave the way you want: it will consider incoming mail for your domain as local and end up acting as a primary exchanger instead of a secondary.</P> <P>Sample configuration file:</P> <P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0"> <TR><TD> <FONT SIZE="-1" FACE="Courier New"><STRONG># /etc/mail/relay.allow</STRONG><BR><BR>yourdomain.com</FONT> </TD></TR> </TABLE></CENTER></P>
<H4>DNS</H4> <P>As stated above, several secondary exchangers may be defined for your domain, each with a different priority. This information is provided by the DNS service. Remember that the <STRONG>primary</STRONG> mail exchanger must have the <STRONG>lowest</STRONG> preference value to take precedence over the others. I will not go deeper into the DNS configuration details on this page; please refer to the appropriate documentation for this.</P> <P>Sample configuration file (file name and IP addresses are informative):</P> <P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0"> <TR><TD><FONT SIZE="-1" FACE="Courier New"> <STRONG># /var/named/db.yourdomain</STRONG><BR><BR> ;<BR> ; Mail Exchangers<BR> ;<BR> IN MX 10 primary.yourdomain.com.<BR> IN MX 20 secondary.yourdomain.com.<BR> <BR> ;<BR> ; Canonical names<BR> ;<BR> primary.yourdomain.com. IN A 192.168.0.1<BR> secondary.yourdomain.com. IN A 192.168.25.78 </FONT></TD></TR> </TABLE></CENTER></P>
</BLOCKQUOTE>
<H2><A NAME="error"></A>4. Most common mistakes</H2> <H3><A NAME="error_preferences"></A>4.1. MX preferences</H3> <BLOCKQUOTE>
<P>Check that your primary mail exchanger has the <B>lowest</B> preference value! Remember, the lowest value gets the highest preference...</P>
</BLOCKQUOTE>
<H3><A NAME="error_dns"></A>4.2. DNS config</H3> <BLOCKQUOTE>
<P>It is very important that <B>MX records point to hostnames defined with A records and not to aliases</B>. Otherwise, you may receive the following error when the backup system tries to deliver mail to the primary: <B><FONT SIZE="-1" FACE="Courier New">config error: mail loops back to me (MX problem?)</FONT></B></P> <P>Why? Suppose the following configuration: you set up two mail exchangers for your domain, primary and secondary. The SendMail configuration files are set up on both machines as described above. But instead of using a canonical name for the secondary, you defined it in your DNS configuration as an alias for another computer, let's say <FONT SIZE="-1" FACE="Courier New">relay.yourdomain.com</FONT>. A sample <STRONG>WRONG</STRONG> DNS configuration is shown below:</P> <P><CENTER><TABLE BORDER="0" WIDTH="65%" BGCOLOR="#FFFFFF" CELLSPACING="2" CELLPADDING="0"> <TR><TD> <FONT SIZE="-1" FACE="Courier New"> <STRONG># /var/named/db.yourdomain</STRONG><BR><BR> ;<BR> ; Mail Exchangers<BR> ;<BR> IN MX 10 primary.yourdomain.com.<BR> IN MX 20 secondary.yourdomain.com. <STRONG>[This is WRONG !!!]</STRONG><BR> <BR> ;<BR> ; Canonical names<BR> ;<BR> primary.yourdomain.com. IN A 192.168.0.1<BR> secondary.yourdomain.com. IN CNAME relay.yourdomain.com.<BR> <BR> ;<BR> ; Aliases<BR> ;<BR> relay.yourdomain.com. IN A 192.168.25.78 </FONT></TD></TR> </TABLE></CENTER></P> <P>After having queued mail for your domain, your secondary will periodically try to flush its queue. As described above, it first queries the DNS looking for a host with a higher priority than itself (lower preference value). In the above example, it will first contact <FONT SIZE="-1" FACE="Courier New">primary.yourdomain.com</FONT>. If that host is still unreachable, it will try the second one, which is <FONT SIZE="-1" FACE="Courier New">secondary.yourdomain.com</FONT> (alias).
Since your secondary system knows itself as <FONT SIZE="-1" FACE="Courier New">relay.yourdomain.com</FONT> (canonical name), it will think that <FONT SIZE="-1" FACE="Courier New">secondary.yourdomain.com</FONT> is actually another host... Unfortunately, this alias points to the same machine and the mail will loop back to itself. Conclusion: you get the infamous <B><FONT SIZE="-1" FACE="Courier New">config error: mail loops back to me (MX problem?).</FONT></B></P>
</BLOCKQUOTE>
<H3><A NAME="error_hostname"></A>4.3. Host names</H3> <BLOCKQUOTE>
<P>Be sure that your machine knows itself by the same name as the one you put in the DNS configuration, especially for a secondary system. Otherwise, you'll end up with the same problems as above when using aliases instead of canonical names.</P>
</BLOCKQUOTE>
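<P>The two mistakes in 4.2 and 4.3 can be checked before a zone goes live. The following is an added example, not part of the original page: a simplified model of the behaviour described above, run over constructed zone data that mirrors the WRONG sample. The function names and the one-record-per-line zone format are assumptions of this example.</P>

```python
# Added example: constructed zone data mirroring the page's WRONG sample;
# GOOD_ZONE is the corrected form, where the MX target has its own A record.
WRONG_ZONE = """\
yourdomain.com.           IN MX 10 primary.yourdomain.com.
yourdomain.com.           IN MX 20 secondary.yourdomain.com.
primary.yourdomain.com.   IN A     192.168.0.1
secondary.yourdomain.com. IN CNAME relay.yourdomain.com.
relay.yourdomain.com.     IN A     192.168.25.78
"""
GOOD_ZONE = WRONG_ZONE.replace("IN CNAME relay.yourdomain.com.", "IN A     192.168.25.78")

def parse(zone):
    """Return (sorted MX list, A map, CNAME map) from 'owner IN type data' lines."""
    mx, a, cname = [], {}, {}
    for line in zone.splitlines():
        f = line.split(";")[0].lower().split()   # drop comments, fold case
        if len(f) >= 5 and f[2] == "mx":
            mx.append((int(f[3]), f[4]))
        elif len(f) == 4 and f[2] == "a":
            a[f[0]] = f[3]
        elif len(f) == 4 and f[2] == "cname":
            cname[f[0]] = f[3]
    return sorted(mx), a, cname

def resolve(host, a, cname):
    """Follow CNAMEs to an address (None if unresolved)."""
    seen = set()
    while host in cname and host not in seen:
        seen.add(host)
        host = cname[host]
    return a.get(host)

def lint_mx(zone):
    """Flag MX targets that are aliases or have no address record."""
    mx, a, cname = parse(zone)
    return [f"MX {p} {h}: " + ("CNAME" if h in cname else "no A record")
            for p, h in mx if h in cname or h not in a]

def relay_next_hop(zone, my_names, my_ip, down=()):
    """Model a backup MX flushing its queue: it drops MX entries at or above
    its own preference only when it recognises its own name in the list."""
    mx, a, cname = parse(zone)
    own = [p for p, h in mx if h in my_names]
    if own:
        mx = [(p, h) for p, h in mx if p < min(own)]
    for _, host in mx:
        if host in down:
            continue
        return "LOOP" if resolve(host, a, cname) == my_ip else host
    return "QUEUE"   # nothing reachable: keep the mail and retry later
```

<P>With the primary listed in <FONT SIZE="-1" FACE="Courier New">down</FONT>, a host that knows itself only as <FONT SIZE="-1" FACE="Courier New">relay.yourdomain.com.</FONT> gets LOOP on either zone, while one that knows itself as <FONT SIZE="-1" FACE="Courier New">secondary.yourdomain.com.</FONT> gets QUEUE on the corrected zone.</P>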
<HR> <TABLE WIDTH="100%" BORDER="0" CELLSPACING="2" CELLPADDING="0">
<TR> <TD WIDTH="50%">Last update: 04 Jan 1999</TD> <TD WIDTH="50%" ALIGN="RIGHT">bertrand dot renuart at itma.lu</TD> </TR>
</TABLE> </BODY> </HTML> [/code]