Secondary MX

[SpEnTBoY]

Just curious what the proper steps would be to provide my primary machine as a secondary MX for other domains. I found this:

http://wiki.zimbra.com/index.php?tit...aMtaMyNetworks

But I'm not sure if this is the only thing I need to do. Previously I had defined the other domains as relay domains in a postfix based system and added them to my_networks but is this all I have to do with Zimbra? or are there more config options that need to be addressed?

I'll keep digging but I thought I'd check just in case someone has the '5 step manual' of operations needed to make your Zimbra mail server a secondary MX for other domains

--
Regards,
Lonny

[SpEnTBoY]

So ... no one has done this? lol .... Does anyone have any ideas? ... I'd like to get this right the first time rather than hacking around if at all possible.

Apart from altering the MtaMyNetworks I'm guessing I'd have to add the other domain in my domains somewhere?

I just want to relay for another domain and would like to use the admin tools provided. I had this working pretty easily in my other postfix config.

If I find something I'll post it back here.

[SpEnTBoY]

I must be missing something .. I also found the relay MTA but by the sounds of things this is just an external relay for ALL non local mail ... I don't want to use a different SMTP server to relay email, I would just like to relay _for_ another domain. I'm already listed as a secondary MX in DNS ... just need to tell Zimbra somehow now

[phoenix]

Where is the mail coming from for these other domains you mention? Are you just wanting to add other domains to your zimbra server?

[SpEnTBoY]

Where is the mail coming from for these other domains you mention? Are you just wanting to add other domains to your zimbra server?

Basically I have a friend who I was acting as a secondary MX for. If his mail server fails or goes down, I would accept and queue mail on his behalf (store and forward scenario). I just want to have my Zimbra server do this. Before I had definitions in postfix like:

in relaydomains I had a line:
hisdomain.com RELAY

and in main.cf I included his domain in the relay_domains= option.

I'm also listed in DNS as a secondary MX, 10 being the delivered to server and mine was set to 50.

Code:

MX      10 hismailserver.hisdomain.com.
MX      50 mymailserver.mydomain.com.

If his machine was ever down, I would queue up messages until his machine came back online, then I could either flush my queue manually or wait long enough and the messages would be sent from me to him.

For SMTP I had it configured in ASSP to accept mail for other domains (his).

Is this clear as mud?

I want to be able to queue mail for another domain in the event that the primary MX host is unavailable.

[phoenix]

You can do it but you'll have to hack the config files and it probably won't survive an upgrade, have a look at the details here and see if they make sense. You might find it easier to use a DNS service that has a backup mail server, I use easydns and if my server is offline they'll collect the mail for up-to five days and just forward it when it comes online. There are problems (and arguments for and against) with having a backup mail server, you can get hit by spam.

[SpEnTBoY]

Thanks Bill,

I guess it kind of appears as a backup but it's just a temporary store and forward (right now I have 2 other machines doing it for me). The spam thing isn't a big deal and can help train the spam filter anyway ... it offsets missing any emails or having to wait 4 days for it to be sent from the originating server too.

Either way if it can be done through the config files for postfix in the zimbra root then I'm laughing because that's the way I was doing it originally (just through a non zimbra-ified SMTP/MTA set up).

I'll copy my old config from the old mail server and it should be all good. I just wasn't sure if there was a mechanism for doing this through the administration interface.

Thanks again for all your time

Regards,
Lonny

[swrightsls]

We currently use qmail as our secondary MX, with ASSP as a spam proxy in front of it. Our primary MX is Mercury/32, also with ASSP on it. We will be migrating to Zimbra soon (Network edition), but need to maintain a secondary MX, with spam filtering enabled. We host our own DNS, so outsourcing DNS/MX is not cost effective. I was hoping we could install a bare bones Zimbra open source edition to provide secondary MX with spam filtering. Does anyone have tips on how to do this?

Thanks.

[mmorse]

In it's simplest form on the secondary you run the following commands:

Code:

zmprov md domain.com zimbraMailCatchAllAddress @domain.com 
zmprov md domain.com zimbraMailCatchAllForwardingAddress @domain.com
zmprov md domain.com zimbraMailTransport smtp:primary.domain.com

On your primary in /opt/zimbra/conf/zmmta.cf I would change the line for smtpd_reject_unlisted_recipients to yes, save the file and 'postfix reload'.
(Which drops traffic on the floor to non-existent addresses rather than spending time processing.)

---

As far as cutting down on spam through the secondary (not that the users would see, but that affects server load and traffic):

You can provision all users on the secondary itself, then set the ZimbraMailTransport on each account individually. Just have to remember to maintain both places.

You could configure postfix to accept an occasional dump of zmprov gaa, gaaa, gadl > address table.

Or query the primary's LDAP for a list on a schedule and store it in local_recipient_maps aka mailbox_transport_maps. Here's how we normally make use of virtual:

postfix_virtual_alias_domains = proxy:ldap:${zimbra_home}/conf/ldap-vad.cf
postfix_virtual_alias_maps = proxy:ldap:${zimbra_home}/conf/ldap-vam.cf
postfix_virtual_mailbox_domains = proxy:ldap:${zimbra_home}/conf/ldap-vmd.cf
postfix_virtual_mailbox_maps = proxy:ldap:${zimbra_home}/conf/ldap-vmm.cf

You can't just change the server_host & bind_pw in those files, you also need to cache a table copy or the system really isn't a backup, just a 2nd mx dependent on the 1st. (Once upon a time I had some scripts to do this, but don't know where those went - search the forums/wiki.)

[swrightsls]

In it's simplest form on the secondary you run the following commands:

Code:

zmprov md domain.com zimbraMailCatchAllAddress @domain.com 
zmprov md domain.com zimbraMailCatchAllForwardingAddress @domain.com
zmprov md domain.com zimbraMailTransport smtp:primary.domain.com

On your primary in /opt/zimbra/conf/zmmta.cf I would change the line for smtpd_reject_unlisted_recipients to yes, save the file and 'postfix reload'.
(Which drops traffic on the floor to non-existent addresses rather than spending time processing.)

Thanks for this, I will give it a try.

As far as cutting down on spam through the secondary (not that the users would see, but that affects server load and traffic):

You can provision all users on the secondary itself, then set the ZimbraMailTransport on each account individually. Just have to remember to maintain both places.

If we do not provision any users on the secondary, I assume this transfers the load for all spam to the primary, correct? I'm wondering if this method is less effective at catching spam than having all the users setup on the secondary? Our current system (qmail+assp) fails miserably if the secondary does not have a similar anti-spam setup.

In a relay-only Zimbra setup as described in the first part above, does spamassassin come into play at all on the secondary?

Thanks.