Using EFA as MX1 and MX2

Questions and answers about how to do stuff
Post Reply
disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Using EFA as MX1 and MX2

Post by disciple » 20 Sep 2017 07:16

Sorry to double post, but the other thread has a wrong title (was initially posted because of another problem).

I would like to use EFA as MX1 and MX2 for different domains and then in EFA reroute traffic to the appropriate mailserver. What would be the recommended setup if I would want two EFA mailfilters, one maybe the backup of the other? Is there some sort of fallback configuration possible or should I just configure them the exact same way?

budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Using EFA as MX1 and MX2

Post by budy » 21 Sep 2017 09:11

Well… good question. As far as the backup-setup goes, this is usually configured by setting the MX priority for the resp. MX servers in your DNS. The MX with the lower priority will be your primary MX and the one with the higher priority will be your backup MX. However, when I had two MX records, spammer used to choose the backup MX one - probably hoping that the backup MX would have a less rigorous configuration (which of course it hadn't ;) ).

If one eFA can handle all the traffic for your domains, just setup another using the same settings/konfig and have your MX records set to different priorities. If you want your eFas to primarily accept messages for one domain, have the MX settings in a way, where the other eFa has a higher priority for that domain you don't want it to server primarily.

disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Re: Using EFA as MX1 and MX2

Post by disciple » 21 Sep 2017 09:36

Thank you budy, very happy with an answer.

I guess I'll just configure two EFA just identically and make the one MX1 and the second MX2 as a backup.

Also, as some kind of load balancing I can for instance make:

for domain A the MX1 the high priority MX record and MX2 the low priority MX record
for domain B the MX2 the high priority MX record and MX1 the low priority MX record

So avoiding that in normal circumstances MX2 is just sitting there idle while MX1 is working his butt off :)

budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Using EFA as MX1 and MX2

Post by budy » 21 Sep 2017 16:44

Exactly. :)

User avatar
darky83
Site Admin
Posts: 531
Joined: 30 Sep 2012 11:03
Location: eFa
Contact:

Re: Using EFA as MX1 and MX2

Post by darky83 » 21 Sep 2017 18:49

Keep in mind that in some cases your 'backup' MX might even get a higher load than your primary.

We sometimes see domains that receive 80% of their spam on the secondary MX.
Some tricks spammers sometimes use is to send mail only to the secondary MX as some domains just have a 'relay' for the secondary without scanning.

Although most domains get this shorted out lately and use two spam filter methodes, you might see a higher load on your secondary node than on your primary node because of this.
Version eFa 4.0.0 now available!

disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Re: Using EFA as MX1 and MX2

Post by disciple » 22 Sep 2017 05:58

OK great, thanks for the input!

Woger
Posts: 60
Joined: 15 Mar 2017 10:54

Re: Using EFA as MX1 and MX2

Post by Woger » 29 Sep 2017 11:37

For load balancing I would use round-robin and just one mx record.
But I use also a primary and a secondary mailserver. The adds an extra point to the spamassassin score just because it's the secondary and mostly used by spammers.

disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Re: Using EFA as MX1 and MX2

Post by disciple » 04 Oct 2017 10:44

Hi Woger, how would you configure that? Round robin and one MX record?

budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Using EFA as MX1 and MX2

Post by budy » 05 Oct 2017 07:30

I'd rather have the extra score for spammers using the backup mx… ;)

User avatar
pdwalker
Posts: 1167
Joined: 18 Mar 2015 09:16

Re: Using EFA as MX1 and MX2

Post by pdwalker » 06 Oct 2017 03:11

I understand why you are marking up the backup MX record, but I personally wouldn't do that. What if your main mail server is down, and your legitimate mail goes to the secondary MX? You may have legitimate mail now being marked as spam, possibly even training the system to recognize it as spam.

If you know ahead of time that your primary is down (maintenance, upgrade, etc) you could undo that extra score, of course, but that's just one extra thing to have to remember.

budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: Using EFA as MX1 and MX2

Post by budy » 07 Oct 2017 11:07

That's of course a valid point to consider.

Woger
Posts: 60
Joined: 15 Mar 2017 10:54

Re: Using EFA as MX1 and MX2

Post by Woger » 09 Oct 2017 08:55

disciple wrote:
04 Oct 2017 10:44
Hi Woger, how would you configure that? Round robin and one MX record?
Something like this:

mailserver.domain.com. A IN 1.2.3.4
mailserver.domain.com. A IN 1.2.3.5

domain.com. 10 MX mailserver.domain.com.

I think that should work, but haven't tried it ;)

disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Re: Using EFA as MX1 and MX2

Post by disciple » 09 Oct 2017 15:02

Thanks Woger, seems interesting.

But since you haven't tested it, question to others: does anybody else have this live in this way?

User avatar
pdwalker
Posts: 1167
Joined: 18 Mar 2015 09:16

Re: Using EFA as MX1 and MX2

Post by pdwalker » 09 Oct 2017 17:50

It'll work, although I wouldn't recommend it unless those two IPs are highly available IPs.

Why? If I make a requests to .4, and .4 is down, the system will delay the second mail attempt - resulting in slower mail delivery. The next request may get .5 depending on how the DNS resolver handles hosts with multiple A records.

If I have two mx records, one for .4 and one for .5, then, depending on the mail processor, it make make an attempt immediately to the secondary mx record before delaying the mail to try again, thus over all faster mail delivery.

Round Robin is useful as a cheap way of load balancing assuming both machines are running. (It'll be even more useful if/when EFA supports clustering). It's not so good for redundancy when one hosts isn't responding, like I've described above.

Go with the secondary mx record if you have two IPs and two machines.

Also, it's better if your secondary mx host is not on your network and can store/forward mail to your primary mx host when it is available, in my opinion.

disciple
Posts: 9
Joined: 16 Sep 2017 11:58

Re: Using EFA as MX1 and MX2

Post by disciple » 11 Oct 2017 13:09

Thanks all, great points to consider. I'll think about it some more and make a final decision.

jamerson
Posts: 137
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: Using EFA as MX1 and MX2

Post by jamerson » 30 Oct 2017 23:20

this is very intersecting idea,
has anybody got it working ?
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!

jase72
Posts: 20
Joined: 21 Jul 2017 09:06

Re: Using EFA as MX1 and MX2

Post by jase72 » 16 Nov 2017 14:34

If you want to load balance your servers then rather than DNS round robin use two MX records but have the same weight for them. Sending servers are supposed to randomise equal weight records.

Addendum: To clarify - With equal weight MX records sending SMTP servers will use a random record and if that fails then they'll use any other equal weight records. This avoids the issue with DNS RR whereas a server can latch onto an A record and will keep on trying that failed server. With equal weight MX the sending server will immediately try the other record(s).

Post Reply