
Mail delivery problem with second MX record


sgupte

Feb 21, 2001
We are having problems with delivery of mail from our email server [qmail on Red Hat Linux 6.1], which is behind the Raptor firewall. The qmail server has a problem delivering mail to other domains having 2 MX records if the server with the higher-preference MX record is down. The qmail server behind the Raptor firewall does not send mail to the server with the lower MX preference. To verify, we did the following setup.

We have set up a domain called "test.********.com". We have 2 Exchange servers in this domain. In our DNS server we have proper A & 2 MX record entries:

A record for exmem1.test.********.com pointing to *.*.*.200
A record for expdc1.test.********.com pointing to *.*.*.201

MX record for exmem1.test.********.com with preference 10
MX record for expdc1.test.********.com with preference 20

We tested this setup with the following two scenarios.

Scenario 1: With both the Exchange servers online.

We could receive mails from

our domain (behind Raptor firewall)
hotmail.com (i.e. all other outside domains)

Scenario 2: With exmem1.test.********.com (the mail server with higher preference) down.

We could receive mails from

hotmail.com (i.e. all other outside domains)

BUT WE COULD NOT RECEIVE MAILS FROM our domain


The mail server of our domain tries to contact the higher preference mail server for test.********.com (i.e. exmem1.test.********.com) but this server is offline. Ideally it should try the next preference from the MX record in the DNS. But the mails remain in the queue and our qmail server keeps on retrying to send the mail to the first MX record without trying the second one.

I want to know whether this problem is with qmail or is it the Raptor Firewall's problem?
 
You're in a behind-a-firewall situation, so that makes answering this question a little difficult with proxy-type sendmail setups. Which is also my question: is this a proxy server setup?

Below is the working map of what I've done several times. Hopefully this scenario will help you in your setup.

1st email server on internet - set up as a proxy firewall - domain-specific email forwarded via this proxy server to intranet (firewalled) email server for all domain-specific email incoming and outgoing. This firewall email server would not have a local mail delivery agent because all domain-specific email is forwarded to the internal email server via the proxy forwarding setup.

The firewall server would have its own (primary) DNS daemon running locally on this server. Behind the firewall you run an internal (secondary) DNS server running ONLY to serve all internal DNS inquiries. All workstations behind the firewall would point to this internal DNS server (2nd DNS server) as their primary DNS and the firewall DNS server as the workstations' secondary DNS. Thus you can have a separate MX map for internal email routing and on the internet side a completely different MX map. Remember a DNS server can run both mapping of primary and secondary in its records.
Setup has a 3rd DNS server for the internet (or not behind firewall) side that your firewall sees and uses as secondary DNS. Your firewall box knows of the internal DNS server only because it's in the DNS records. The firewall box is not configured to use the internal DNS server for any DNS needs. This third box provides internet side of things or net secondary required secondary DNS.

That's the basic setup.
As for qmail, I would really consider running regular sendmail on both boxes and procmail for the local delivery agent on the behind-firewall email server. This would allow you a much more controlled configuration, whereby internal company mail can be sent with user name only with a host listed or attached. I.e. user@host can just be "user". This is your internal completely secure email system that ensures if no @host is placed in the email it would never reach the proxy firewalled email to the internet side of the world.

If this doesn't help, give me more specifics and email them to me at maxit@rcwing.com

Maxit

The 2nd internal email server (behind firewall) has all outgoing mail (other than internal domain) immediately forwarded to the firewall proxy email server for outgoing (internet side) distribution. But all domain-specific mail is kept on the internal mail server with a local delivery agent that all workstations are set up via POP3 to use.
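
One way to separate the two suspects in the original question, as an added example that is not part of any post in this thread: run it on the sending host behind the firewall and check each MX in preference order for an SMTP greeting. The hostnames under `test.example.com` are constructed placeholders for the masked domain, and the function names are this example's own.

```python
import socket

def parse_mx(dig_output):
    """Parse `dig +short MX <domain>` lines ("10 host.") into (pref, host) pairs."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            records.append((int(parts[0]), parts[1].rstrip(".")))
    return sorted(records)  # lowest preference number is tried first

def smtp_probe(host, port=25, timeout=10):
    """Return the SMTP greeting line; raises OSError if the connection fails."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return s.recv(512).decode("ascii", "replace").strip()

def check_fallback(records, probe=smtp_probe):
    """Probe every MX in preference order and record what a sender would see."""
    results = []
    for pref, host in records:
        try:
            banner = probe(host)
            # A healthy SMTP listener greets with a 220 reply code.
            results.append((pref, host, banner.startswith("220"), banner))
        except OSError as exc:  # refused, timed out, filtered, or no DNS answer
            results.append((pref, host, False, f"connect failed: {exc}"))
    return results

def first_usable(results):
    """Host that a sender with working MX fallback would deliver to, or None."""
    for _pref, host, ok, _detail in results:
        if ok:
            return host
    return None

if __name__ == "__main__":
    # Constructed sample; paste the real `dig +short MX` output for the domain.
    sample = "20 expdc1.test.example.com.\n10 exmem1.test.example.com.\n"
    rows = check_fallback(parse_mx(sample))
    for row in rows:
        print(row)
    print("fallback target:", first_usable(rows))
```

If the preference-20 host returns a 220 greeting from behind the firewall while the preference-10 host is down, the network path is open and the retry behaviour lies with the mail server; if it fails there but succeeds from an outside host, check the firewall's SMTP handling.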
 