Strategies for using backup MX records

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Strategies for using backup MX records

Chris Green-11
This is a fairly naive and open-ended question I'm afraid but I'm sure
others here may have similar setups and thus have answers.

I run Postfix on a home server which is on all the time of course but,
as it's connected via a 'domestic' broadband service it's not a 100%
reliable connection. There are also times when I reconfigure things
(e.g. upgrade the server) that cause downtimes.

What sort of strategies are available for coping with the (rare)
disconnections of a few hours that occasionally occur?  I know that
SMTP delivery is fairly robust and, as far as I know, the backing off
and retrying seems to work pretty well but I'd like, if I can, to do
even better.

I have access to the zone files for my system's domain so I can add
lower priority MX records but I'm not really sure how that helps, does
anyone go down this route with a home system?

Any ideas or comments would be welcome, even "don't bother the SMTP
back-off works well enough".

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Chris Green-11
On Thu, Aug 17, 2017 at 01:38:18PM +0100, Chris Green wrote:
> This is a fairly naive and open-ended question I'm afraid but I'm sure
> others here may have similar setups and thus have answers.
>
> I run Postfix on a home server which is on all the time of course but,
> as it's connected via a 'domestic' broadband service it's not a 100%
> reliable connection. There are also times when I reconfigure things
> (e.g. upgrade the server) that cause downtimes.
>
Of course I forgot to say, I use Postfix to *receive* mail sent to my
domain using SMTP.

> What sort of strategies are available for coping with the (rare)
> disconnections of a few hours that occasionally occur?  I know that
> SMTP delivery is fairly robust and, as far as I know, the backing off
> and retrying seems to work pretty well but I'd like, if I can, to do
> even better.
>
> I have access to the zone files for my system's domain so I can add
> lower priority MX records but I'm not really sure how that helps, does
> anyone go down this route with a home system?
>
> Any ideas or comments would be welcome, even "don't bother the SMTP
> back-off works well enough".
>
> --
> Chris Green

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Tanstaafl
In reply to this post by Chris Green-11
On 8/17/2017, 8:38:18 AM, Chris Green <[hidden email]> wrote:
> What sort of strategies are available for coping with the (rare)
> disconnections of a few hours that occasionally occur?  I know that
> SMTP delivery is fairly robust and, as far as I know, the backing off
> and retrying seems to work pretty well but I'd like, if I can, to do
> even better.

Short answer: there may have been a time long ago when a backup MX made
sense, but that time is long past. Managing one is way, way more trouble
than it is worth, and even if you do it right, gets you virtually zero
benefits.
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Phil Stracchino
In reply to this post by Chris Green-11
On 08/17/17 08:38, Chris Green wrote:

> This is a fairly naive and open-ended question I'm afraid but I'm sure
> others here may have similar setups and thus have answers.
>
> I run Postfix on a home server which is on all the time of course but,
> as it's connected via a 'domestic' broadband service it's not a 100%
> reliable connection. There are also times when I reconfigure things
> (e.g. upgrade the server) that cause downtimes.
>
> What sort of strategies are available for coping with the (rare)
> disconnections of a few hours that occasionally occur?  I know that
> SMTP delivery is fairly robust and, as far as I know, the backing off
> and retrying seems to work pretty well but I'd like, if I can, to do
> even better.
>
> I have access to the zone files for my system's domain so I can add
> lower priority MX records but I'm not really sure how that helps, does
> anyone go down this route with a home system?
>
> Any ideas or comments would be welcome, even "don't bother the SMTP
> back-off works well enough".


I have a single secondary MX at a domain controlled by another competent
individual whom I know.  It's useful in the event of a sustained service
outage or other delivery problems (say, if the main application server
went down and I had to rebuild it from backups).


--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Tanstaafl
On 8/17/2017, 8:56:53 AM, Phil Stracchino <[hidden email]> wrote:
> I have a single secondary MX at a domain controlled by another competent
> individual whom I know.  It's useful in the event of a sustained service
> outage or other delivery problems (say, if the main application server
> went down and I had to rebuild it from backups).

Most sites will retry by default for 1-3 days (I think 3 days is
postfix's default).

A sending server will usually give a warning about a delay in the email
delivery within a certain amount of time, then report failure after its
configured time.

If you have a backup MX, then the sender *will not know* that there is a
problem.

In the vast majority of cases, the perceived benefit is simply not worth
the trouble. If your server is down for more than 3 days, then you have
bigger problems, and the vast majority of the emails you would have held
will have lost their value (if they had any real value in the first
place), and the rest would have contacted the recipient by other means
when they saw the delivery warnings/failures.

I used to set our local warning for 4 hours (before the boss decided to
migrate to Office365), because a lot of our business is time-sensitive.

So, again, the actual benefit is generally far less than the perceived
benefit - and there is even a real cost in many cases (sender doesn't
know there is a problem), so running a backup MX, in the vast majority
of cases, is simply not a good idea.

But, to each their own...
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

allenc
In reply to this post by Chris Green-11


On 17/08/17 13:38, Chris Green wrote:
> I run Postfix on a home server which is on all the time of course but,
> as it's connected via a 'domestic' broadband service it's not a 100%
> reliable connection. There are also times when I reconfigure things
> (e.g. upgrade the server) that cause downtimes.
>

I am in an identical situation to you - my broadband modem locked up
this morning & I had to reboot everything :-(

My original domain hosting service forwarded emails to a pop-3 account
(run by my ISP)
When postfix came along, the pop-3 account became my fall-back.

My new domain host offers a back-up server, and that is how I am running
now.

In reality, I receive very few genuine emails via the back-up server;
they are mostly spam which has been refused by my primary, or from hosts
which didn't bother trying the primary.

About a month ago I implemented grey-listing within postscreen.  Since
then I have had half a dozen or so immediate retries via the secondary.

I am brooding over the idea of obtaining an "el cheapo" second internet
connection - that opens up the possibility of running my own secondary
server on a raspberry pi, or something.

I don't think any harm would come by NOT having a back-up of some sort -
but it runs severely against my nature.

hope this helps

Allen C
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Phil Stracchino
In reply to this post by Tanstaafl
On 08/17/17 09:04, Tanstaafl wrote:

> In the vast majority of cases, the perceived benefit is simply not worth
> the trouble. If your server is down for more than 3 days, then you have
> bigger problems, and the vast majority of the emails you would have held
> will have lost their value (if they had any real value in the first
> place), and the rest would have contacted the recipient by other means
> when they saw the delivery warnings/failures.
>
> I used to set our local warning for 4 hours (before the boss decided to
> migrate to Office365), because a lot of our business is time-sensitive.
>
> So, again, the actual benefit is generally far less than the perceived
> benefit - and there is even a real cost in many cases (sender doesn't
> know there is a problem), so running a backup MX, in the vast majority
> of cases, is simply not a good idea.


This is nice in theory but doesn't work in practice, because not every
sender particularly closely follows the applicable RFCs.  Certain major
mailing list hosts (not that I'd mention Sourceforge by name, for
example) will, upon seeing multiple delivery failures, just drop
subscribers from the list with no further attempt at notice.  Depending
on the mailing list this may have major real-world impact.



--
  Phil Stracchino
  Babylon Communications
  [hidden email]
  [hidden email]
  Landline: +1.603.293.8485
  Mobile:   +1.603.998.6958
Reply | Threaded
Open this post in threaded view
|

OT: Re: Strategies for using backup MX records

Tanstaafl
On 8/17/2017, 9:28:00 AM, Phil Stracchino <[hidden email]> wrote:
> This is nice in theory but doesn't work in practice,

This statement is most assuredly not true in a general sense.

The reality is, it works very well in the vast majority of cases.

> because not every sender particularly closely follows the applicable
> RFCs.
No one said they did, but the vast majority of the important ones do.

> Certain major mailing list hosts (not that I'd mention Sourceforge by
> name, for example) will, upon seeing multiple delivery failures, just
> drop subscribers from the list with no further attempt at notice.
Email list messages are hardly what I would classify as 'worth the
effort'. They all (in general) archive their messages, so you can always
go read and catch up if it is that important to you.

To most people, it isn't.

> Depending on the mailing list this may have major real-world impact.

Not really - as I said they all (the important ones at least) have
publicly available web archives (and many have newsgroup gateways), if
they are that important to you.

But, again, to each their own.

I won't respond further on list since this is gone way OT...
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Chris Green-11
In reply to this post by Tanstaafl
On Thu, Aug 17, 2017 at 08:49:20AM -0400, Tanstaafl wrote:

> On 8/17/2017, 8:38:18 AM, Chris Green <[hidden email]> wrote:
> > What sort of strategies are available for coping with the (rare)
> > disconnections of a few hours that occasionally occur?  I know that
> > SMTP delivery is fairly robust and, as far as I know, the backing off
> > and retrying seems to work pretty well but I'd like, if I can, to do
> > even better.
>
> Short answer: there may have been a time long ago when a backup MX made
> sense, but that time is long past. Managing one is way, way more trouble
> than it is worth, and even if you do it right, gets you virtually zero
> benefits.

So just rely on SMTP senders backing off and retrying and try and
minimise the time my system is off line.  OK, it's simple!  :-)

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Chris Green-11
In reply to this post by Tanstaafl
On Thu, Aug 17, 2017 at 09:04:45AM -0400, Tanstaafl wrote:

> On 8/17/2017, 8:56:53 AM, Phil Stracchino <[hidden email]> wrote:
> > I have a single secondary MX at a domain controlled by another competent
> > individual whom I know.  It's useful in the event of a sustained service
> > outage or other delivery problems (say, if the main application server
> > went down and I had to rebuild it from backups).
>
> Most sites will retry by default for 1-3 days (I think 3 days is
> postfix's default).
>
> A sending server will usually give a warning about a delay in the email
> delivery within a certain amount of time, then report failure after its
> configured time.
>
> If you have a backup MX, then the sender *will not know* that there is a
> problem.
>
> In the vast majority of cases, the perceived benefit is simply not worth
> the trouble. If your server is down for more than 3 days, then you have
> bigger problems, and the vast majority of the emails you would have held
> will have lost their value (if they had any real value in the first
> place), and the rest would have contacted the recipient by other means
> when they saw the delivery warnings/failures.
>
> I used to set our local warning for 4 hours (before the boss decided to
> migrate to Office365), because a lot of our business is time-sensitive.
>
> So, again, the actual benefit is generally far less than the perceived
> benefit - and there is even a real cost in many cases (sender doesn't
> know there is a problem), so running a backup MX, in the vast majority
> of cases, is simply not a good idea.
>
Another 'do nothing', that's fine, thank you.  I had realised that the
secondary/backup MX would mean that mail would get delivered but
possibly not to where I'd see it.  That's sort of why I asked the
question, I was wondering about setting up way (via a 3G phone or
whatever) to get to see those E-Mails.

As it is I deliver all my mail (in parallel to the SMTP delivery to my
home system) to another (not at home) system into an
unfiltered/unsorted mailbox so anything urgent I can extract from
there if necessary.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

Chris Green-11
In reply to this post by allenc
On Thu, Aug 17, 2017 at 02:24:45PM +0100, Allen Coates wrote:

>
>
> On 17/08/17 13:38, Chris Green wrote:
> > I run Postfix on a home server which is on all the time of course but,
> > as it's connected via a 'domestic' broadband service it's not a 100%
> > reliable connection. There are also times when I reconfigure things
> > (e.g. upgrade the server) that cause downtimes.
> >
>
> I am in an identical situation to you - my broadband modem locked up
> this morning & I had to reboot everything :-(
>
> My original domain hosting service forwarded emails to a pop-3 account
> (run by my ISP)
> When postfix came along, the pop-3 account became my fall-back.
>
> My new domain host offers a back-up server, and that is how I am running
> now.
>
> In reality, I receive very few genuine emails via the back-up server;
> they are mostly spam which has been refused by my primary, or from hosts
> which didn't bother trying the primary.
>
> About a month ago I implemented grey-listing within postscreen.  Since
> then I have had half a dozen or so immediate retries via the secondary.
>
> I am brooding over the idea of obtaining an "el cheapo" second internet
> connection - that opens up the possibility of running my own secondary
> server on a raspberry pi, or something.
>
> I don't think any harm would come by NOT having a back-up of some sort -
> but it runs severely against my nature.
>
> hope this helps
>
Thanks, it's good to hear other people puzzle over the same problems.

What I currently do (and I'll probably continue to do after reading
the comments here) is to deliver all my mail to two destinations.
This is easy as my hosting provider does this, I simply put two
addresses in the mail forwarding for my main E-Mail address.

One of these is my home system, the other is a system where I have an
account with ssh access.  On my home system the E-Mail is sorted and
filtered as needed, on the ssh access system all the mail simply drops
into a single mailbox and is deleted when more than a couple of weeks
old.  Thus if my home system is off for any reason I can recover
urgent E-Mails from the remote system.

Thanks for all the comments and ideas, as I said I'm pretty convinced
that I will continue as at present.

--
Chris Green
Reply | Threaded
Open this post in threaded view
|

Re: Strategies for using backup MX records

allenc
The thing I liked about my pop-3 solution was, if my server blew up and
I had to rebuild from scratch with new hardware, I could still read my
emails via my (almost redundant) ISP account

Allen C

On 17/08/17 16:10, Chris Green wrote:

> On Thu, Aug 17, 2017 at 02:24:45PM +0100, Allen Coates wrote:
>>
>>
>> On 17/08/17 13:38, Chris Green wrote:
>>> I run Postfix on a home server which is on all the time of course but,
>>> as it's connected via a 'domestic' broadband service it's not a 100%
>>> reliable connection. There are also times when I reconfigure things
>>> (e.g. upgrade the server) that cause downtimes.
>>>
>>
>> I am in an identical situation to you - my broadband modem locked up
>> this morning & I had to reboot everything :-(
>>
>> My original domain hosting service forwarded emails to a pop-3 account
>> (run by my ISP)
>> When postfix came along, the pop-3 account became my fall-back.
>>
>> My new domain host offers a back-up server, and that is how I am running
>> now.
>>
>> In reality, I receive very few genuine emails via the back-up server;
>> they are mostly spam which has been refused by my primary, or from hosts
>> which didn't bother trying the primary.
>>
>> About a month ago I implemented grey-listing within postscreen.  Since
>> then I have had half a dozen or so immediate retries via the secondary.
>>
>> I am brooding over the idea of obtaining an "el cheapo" second internet
>> connection - that opens up the possibility of running my own secondary
>> server on a raspberry pi, or something.
>>
>> I don't think any harm would come by NOT having a back-up of some sort -
>> but it runs severely against my nature.
>>
>> hope this helps
>>
> Thanks, it's good to hear other people puzzle over the same problems.
>
> What I currently do (and I'll probably continue to do after reading
> the comments here) is to deliver all my mail to two destinations.
> This is easy as my hosting provider does this, I simply put two
> addresses in the mail forwarding for my main E-Mail address.
>
> One of these is my home system, the other is a system where I have an
> account with ssh access.  On my home system the E-Mail is sorted and
> filtered as needed, on the ssh access system all the mail simply drops
> into a single mailbox and is deleted when more than a couple of weeks
> old.  Thus if my home system is off for any reason I can recover
> urgent E-Mails from the remote system.
>
> Thanks for all the comments and ideas, as I said I'm pretty convinced
> that I will continue as at present.
>