Results 1 to 7 of 7

Thread: Using regular postfix as backup MX for Zimbra OSE

  1. #1
    Yalla-One is offline New Member
    Join Date
    Apr 2011
    Location
    Norway
    Posts
    4
    Rep Power
    4

    Default Using regular postfix as backup MX for Zimbra OSE

    Hi,

    I've successfully set up a Zimbra 7 (first 7.0, now 7.1) environment based on the Open Source Edition, and it works great. However, I also would like a backup MX, and instead of going for a full Zimbra install, I would like to handle this with a more simple postfix install. I am writing here to get a feedback from other, more experienced Zimbra administrators that my thoughts are somewhat in the right direction before I venture off on this task.

    It is important that the backup MX does not become a spam trap because its spam guard is lower than the primary, Zimbra-based, MX. Thus I want the backup MX to be installed with postfix, spamassassin and the whole 9 yards. The install is OK, but the question is what data to transfer.

    In order for this to be secure, I have identified only two areas that need to be transferred from Zimbra to the backup MX on an hourly or daily basis:

    1. User accounts so that email to non-existent users are bounced immediately on the backup as well. This is planned with this script on the zimbra-side run once an hour (from the forums):
    Code:
    /opt/zimbra/openldap/bin/ldapsearch -LLL -x -D"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_userdn | \
           awk '{print $3}'`" -w"`/opt/zimbra/bin/zmlocalconfig -s zimbra_ldap_password | \
           awk '{print $3}'`" -H `/opt/zimbra/bin/zmlocalconfig ldap_url | \
           awk '{print $3}'` $* | \
           grep ^mail | \
           awk '{print $2}' | \
           sort > zimbra_recipients.list
    and;

    2. Backup of SpamAssassin bayes data on a daily basis:
    Code:
    /opt/zimbra/libexec/sa-learn -p /opt/zimbra/conf/salocal.cf.in --dbpath /opt/zimbra/data/amavisd/.spamassassin/ --siteconfigpath /opt/zimbra/conf/spamassassin --backup > /tmp/zimbra_q.backup
    Is this sufficient to be reasonably safe from a spam, virus and security point of view, or are there also other aspects that should be transferred from Zimbra to the backup MX?

    Are there any special postfix configurations in Zimbra I should be aware of to replicate on the backup MX, or can I use the paranoia-settings from my own manual install I used before migrating to Zimbra?

    Thanks in advance for any insight - rather long post for a first post in this forum...

    -y1

  2. #2
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    My advice would be to use a professional service as your backup MX and you'll not have to worry about it becoming a spam trap nor will you have any maintenance to worry about. You can find many paid-for services on the internet or use a free service provided as part of another package. I use easydns for my DNS hosting and they provide a backup mail service for free as part of that (there are many others), I have no association with that company other than as a satisfied user.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Yalla-One is offline New Member
    Join Date
    Apr 2011
    Location
    Norway
    Posts
    4
    Rep Power
    4

    Default

    Thanks for the reply!

    One question - I have googled quite a few of these services, and have not found a single one that offers integration of user-data and SpamAssassin-data in order to properly fight spam. Quite contrary, they seem to just blindly accept quite a lot, and forward onwards to the primary MX once it's become available.

    Am I missing something here? If not - how do I set up exporting of relevant data needed for proper and secure backup-MX handling in Zimbra to export to these paid-for services?

  4. #4
    DerekShaw is offline Junior Member
    Join Date
    Apr 2010
    Posts
    6
    Rep Power
    5

    Default Using regular postfix as backup MX for Zimbra OSE

    You are not missing anything here. You have identified the exact reason you need to proceed with your original plan. Unless you have found an outsourced solution that actually does what you want, in which case, please tell us here!

    I'm on the same track as you, a few steps behind.

  5. #5
    phoenix is online now Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    Quote Originally Posted by DerekShaw View Post
    You are not missing anything here. You have identified the exact reason you need to proceed with your original plan. Unless you have found an outsourced solution that actually does what you want, in which case, please tell us here!

    I'm on the same track as you, a few steps behind.
    You are missing something, here's one: Emergency Mail
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  6. #6
    centrex is offline Special Member
    Join Date
    Aug 2007
    Posts
    100
    Rep Power
    7

    Default

    Quote Originally Posted by phoenix View Post
    My advice would be to use a professional service as your backup MX and you'll not have to worry about it becoming a spam trap nor will you have any maintenance to worry about. You can find many paid-for services on the internet or use a free service provided as part of another package. I use easydns for my DNS hosting and they provide a backup mail service for free as part of that (there are many others), I have no association with that company other than as a satisfied user.
    There's still plenty of points for setting up a VM and rolling your own backup MX.

    1) Confidentiality - Some clients of mine will not want their mail to be leaked to a backup MX provider that is controlled by an unknown entity in a random jurisdiction out of our control

    2) Reliability - The free guys always seem to get DDOSed or bought out.

    EveryDNS was good until Dyn Inc. bought them and killed all the free stuff.

    Same goes for editdns.net - Great provider, backup MX worked well but constantly got DDOSed and then bought out by Dyn Inc. who killed all the free stuff.

    I won't deny that for a great majority of people these concerns are not going to be an issue.

    I'm just sayin': There's a lot of reasons for rolling your own, too.

  7. #7
    frosticus is offline Junior Member
    Join Date
    Jan 2012
    Posts
    7
    Rep Power
    3

    Default

    I'm at the same point myself and am curious which route you chose and if you have any insight you'd care to share.

    Also adding dnsexit to the list of backup mx providers that include spam control. I haven't used their service so can't vouch for them personally, but I am considering trying them out.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. postdrop fail to create file after upgrade to 5.0.3
    By echoadisan in forum Installation
    Replies: 23
    Last Post: 07-15-2013, 03:02 PM
  2. Risks of Hot backup and/or power failure in OSE
    By regan.wallace in forum Administrators
    Replies: 7
    Last Post: 02-19-2011, 05:38 AM
  3. OSE Backup Best Practice ?
    By Kidoucorp in forum Administrators
    Replies: 3
    Last Post: 11-30-2010, 08:38 PM
  4. [SOLVED] Backups failing, "unable to read metadata for account"
    By smcgrath1111 in forum Administrators
    Replies: 10
    Last Post: 04-10-2008, 03:15 PM
  5. OSE rotating backup script
    By reckless2k2 in forum Installation
    Replies: 1
    Last Post: 07-04-2007, 04:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •