Zimbra as a backup MX

[pgienger]

We are currently a ZCS NE customer running one server at our primary hosting office, but would like to setup a backup MX in our secondary office. Is it possible, or permitted under the license, to use Zimbra as a backup MX in the second site? I did set up a basic postfix MX host but within a few hours I was getting spammed heavily. Part of the reason to go with Zimbra was so that the spam/AV features were bundled in and managed, if I have to configure up and maintain those features in the backup MX, then I've gained nothing really.

Here's how I'm envisioning the setup going.

Main site:
Primary MX host, all users and domains defined here.

Secondary site:
Backup MX VM, no users defined here, but all domains defined. Relay MTA set to the primary MX.

Would that be a valid configuration? Would the mail sit on the backup while the primary is down/unavailable as it should?

TIA

[jholder]

Yeah, that should work. That's how we have it set up here at Zimbra, so that when we do updates, our MTA still captures messages.

License wise, you may just wish to install the Community Edition on that box.

[bjared]

This is the first I've heard of "Community Edition". Is that the Open-source version? (We use ZCS 4.5.6 NE) We want to do this same thing, but were wondering about the system requirements of an MTA-only install. We find that Zimbra loves memory, but if we could run this in VMware with 256MB of RAM and maybe 8GB of disk space, that'd be great.

--Brian

EDIT: Darnit, I always think of stuff after I hit "Submit." Anyway, What we're trying to do is set up a second relay, but for authentication only. So...I guess it's not quite the same as what the original poster mentioned, but something I'm still curious on the system requirements. It'll really be somewhat of a dumb client, pointing to the LDAP database of the existing server, and requiring authentication for all relaying.

[jholder]

Community Edition=Open Source Edition

I should clarify that, you could set up the Open Source edition to capture mail if your 1st MTA goes down. If you want a true second server install, you should have both running NE, and you'd need to talk to your acct rep for more info on licensing requirements.

whew 256 is cutting it close. You maybe could do it if you only run ldap and mta. . .but that's cutting it real close.

[area]

Yeah, that should work. That's how we have it set up here at Zimbra, so that when we do updates, our MTA still captures messages.

License wise, you may just wish to install the Community Edition on that box.

I'm interested in how you configured the backup server.

Do you just forward at the domain level or do you have all the account, aliases and distribution lists defined on the backup server (with appropriate forwards to the main server)?

If you are just forwarding at the domain level, how do you handle spam sent to invalid addresses?

On the main server, emails to invalid addresses are rejected at the 'envelope' stage of the SMTP transaction but a backup server will forward all emails to the main server and, for emails to invalid addresses, it will generate a rejected email which in most cases will bounce back to the admin@domain.com address.

Is there some way to configure Zimbra on a backup server to check the email address on the primary server before accepting the email?

Thanks - Angus

[phoenix]

Is there some way to configure Zimbra on a backup server to check the email address on the primary server before accepting the email?

That would be extremely difficult as the only time a secondary server would be used is when the primary is unavailable. A backup mail server is just meant to accumulate mail until the primary is back online.

[LMStone]

Yeah, that should work. That's how we have it set up here at Zimbra, so that when we do updates, our MTA still captures messages.

License wise, you may just wish to install the Community Edition on that box.

Domains only on the backup MX? How do you handle the backscatter between the primary MX and the backup MX when the backup MX accepts an email for nonexistentuser@legitimatedomain.com?

All of the Postfix documentation preaches never to accept delivery of any email except for valid recipients.

Is the backup MX an LDAP slave? Is it legal from a Zimbra license standpoint for a CE Zimbra install to be a slave to an NE Zimbra install?

Thanks!
Mark

[pgienger]

If you've ever set up a 'regular' backup MX, it doesn't require any special consideration for users. I would imagine that it just sends back a non-existant user message to mail from: address given in the SMTP conversation.

Think about it this way: if you're forced to use it, your ISP's customer facing smtp server accepts mail from you for any domain, it doesn't know your recipient exists, but it still accepts it, just as any mail relay listed in your headers did. In a non open-relay you either say who you're going to accept mail from (host wise), or who you're going to accept mail to (on a domain level), and it lets the endpoint figure out the validity. It also has to work this way in case your host isn't available for authentication and mail sits in some halfway queue for a while.

The only real reason I asked is just in case there was any configuration in the ZCS suite that would deny it from being a relay in the 'traditional' manner, and I didn't have time to go digging through the configs for any obscure parameter

[LMStone]

If you've ever set up a 'regular' backup MX, it doesn't require any special consideration for users. I would imagine that it just sends back a non-existant user message to mail from: address given in the SMTP conversation.

Think about it this way: if you're forced to use it, your ISP's customer facing smtp server accepts mail from you for any domain, it doesn't know your recipient exists, but it still accepts it, just as any mail relay listed in your headers did. In a non open-relay you either say who you're going to accept mail from (host wise), or who you're going to accept mail to (on a domain level), and it lets the endpoint figure out the validity. It also has to work this way in case your host isn't available for authentication and mail sits in some halfway queue for a while.

The only real reason I asked is just in case there was any configuration in the ZCS suite that would deny it from being a relay in the 'traditional' manner, and I didn't have time to go digging through the configs for any obscure parameter

I know alot of people set up backup MX hosts this way, but we never set up backup MX servers to do "store and forward" for whole domains because of the backscatter between the two servers.

Consider: Spammer sends an email directly to the backup MX to a non-existent user. The backup MX accepts the email and then tries to send it to the primary MX.

The primary MX does a recipient check and rejects the email, sending the backup MX a bounce notice.

The backup MX now tries to contact the original sender (not likely) with its own bounce message.

Worse, if the spammer forged the sender as, say, "postmaster" on the recipient domain, then the backup MX bounce message will be sent to the primary MX.

The end result is you have greatly increased the traffic on your servers needlessly, when all you had to do was not accept the spam in the first place--by doing recipient verification on the backup MX.

We build non-Zimbra Postfix gateway boxes for Exchange servers to do email pre-filtering and backup services, and sometimes act as an Exchange SmartHost so the Exchange box never gets a public IP, let alone an MX record.

On the Postfix box, we run a script that does an LDAP lookup in Active Directory and then extracts all of the valid email addresses. The script then rebuilds the relay_recipients table on the fly with this info and refreshes Postfix.

I imagine your backup box could run a similar script against the Zimbra box as well.

Here's the Postfix doc on backscatter: Postfix Backscatter Howto

The Active Directory LDAP lookup script is from The Book of Postfix (No Starch Press), by Hildebrandt and Koetter.

Hope that helps,
Mark

[pgienger]

I'm hoping that the particular point you're getting at will be rendered moot by the spam filters and RBLs in Zimbra, which is a question I forgot to, or didn't think to ask originally... that is will ZCS be filtering as spam on the backup MX? I imagine RBL would come into play since that happens way before content filtering.

If somebody sends non-spam to an invalid address I'm sure they'd like to know, but spam should get silently dropped as it does now.