How to handle relay of other domain during backups?
Posted: Fri Jan 04, 2008 6:23 pm
by Ruthiness
Hi
I'm using ombackup according to the wiki and it works great. However, since Scalix is set to accept mail for another domain (for the purpose of example let's say the other domain is "otherdomain.com"), when ombackup shuts down Scalix for 15 minutes or so during the night, mail that comes in during that time is returned with an error if it is for that relayed domain.
What do I need to do on sendmail to allow the relaying of the other domain to the sendmail queue while Scalix is down? The mail is being sent by server scripts for alerts from other servers in the same data center but not on the same domain. The sender gets a "domain not found" returned mail, as can be seen below.
I am presuming it is because of the backups but the last attempt done at 3am or so - Scalix should not be still down. I run ombackup at 1am every morning.
Reporting-MTA: dns; pp-advdb-rpt1.olddomain.com
Received-From-MTA: DNS; pp-advdb-one
Arrival-Date: Fri, 4 Jan 2008 03:35:40 -0500 (EST)
Final-Recipient: RFC822;user@olddomain.com
Action: failed
Status: 5.1.3
Remote-MTA: DNS; newmail.olddomain.com
Diagnostic-Code: SMTP; 553 5.1.8 <root@pp-advdb-one.olddomain.com>... Domain of sender address
root@pp-advdb-one.olddomain.com does not exist
Last-Attempt-Date: Fri, 4 Jan 2008 03:35:40 -0500 (EST)
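Added example, not part of any post in this thread: a small Python parser for the delivery status fields quoted above, which unfolds the wrapped Diagnostic-Code line and reports which host refused the message and which address domain it named. The function names and the RFC 3463 lookup table are choices made for this sketch.

```python
import re

# Fields from the bounce quoted in the first post (date fields omitted).
DSN = """\
Reporting-MTA: dns; pp-advdb-rpt1.olddomain.com
Received-From-MTA: DNS; pp-advdb-one
Final-Recipient: RFC822;user@olddomain.com
Action: failed
Status: 5.1.3
Remote-MTA: DNS; newmail.olddomain.com
Diagnostic-Code: SMTP; 553 5.1.8 <root@pp-advdb-one.olddomain.com>... Domain of sender address
root@pp-advdb-one.olddomain.com does not exist
"""

# RFC 3463 "addressing" (x.1.z) detail codes relevant to this kind of bounce.
ADDRESS_CODES = {
    "1.1": "bad destination mailbox address",
    "1.2": "bad destination system address",
    "1.3": "bad destination mailbox address syntax",
    "1.8": "bad sender's system address",
}

def parse_dsn(text):
    """Return DSN fields as a dict, joining wrapped continuation lines."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"([A-Za-z-]+):\s*(.*)", line)
        if m:
            last = m.group(1).lower()
            fields[last] = m.group(2).strip()
        elif last and line.strip():  # wrapped value, with or without indent
            fields[last] += " " + line.strip()
    return fields

def diagnose(text):
    """Summarise who rejected the message and which address was refused."""
    f = parse_dsn(text)
    diag = f.get("diagnostic-code", "")
    code = re.search(r"\b(\d{3})\s+\d\.(\d{1,3}\.\d{1,3})\b", diag)
    addr = re.search(r"<[^<>@\s]+@([^<>\s]+)>", diag)
    return {
        "rejected_by": f.get("remote-mta", "").split(";")[-1].strip(),
        "smtp_reply": code.group(1) if code else None,
        "reason": ADDRESS_CODES.get(code.group(2), "other") if code else None,
        "refused_domain": addr.group(1) if addr else None,
        "status_field": f.get("status"),
    }

if __name__ == "__main__":
    for key, value in diagnose(DSN).items():
        print(f"{key}: {value}")
```

The Status field is written by the reporting MTA, while the enhanced code inside Diagnostic-Code is the remote server's own reply, so the two can differ as they do here.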
Posted: Fri Jan 04, 2008 7:15 pm
by Ruthiness
Hmm.. I think I found out what was happening and perhaps someone can verify my thoughts.
The client who is using the Scalix server is using a new domain for the Scalix server to receive their email. They had a hosted mail setup on the old domain. To handle mail for the old domain, I advised setting up an MX record on olddomain.com as follows:
MX 0 newmail.newdomain.com (Scalix server on new domain)
100 oldmail.olddomain.com (old hosted mail server for backup)
But instead what they have done on olddomain.com is:
MX 0 newmail.olddomain.com
IN A newmail.olddomain.com (with same IP as newmail.newdomain.com)
So, of course, a tech doing scripts on some other servers, who was probably routing through olddomain.com mail server is getting bounces as I showed above.
If I check the reverse DNS for the IP address of the Scalix mail server it resolves to newmail.newdomain.com as it should. But the A record on olddomain.com pointing to the same name could be a problem right? I am assuming that IF the tech continues to relay through the old domain (why they would I don't know) then when it reaches the Scalix server it will say it is looking for newmail.olddomain.com and Scalix will say - huh? I'm newmail.newdomain.com - go away.
Is my recommendation for the DNS for the old domain correct and should I tell them to get rid of the duplicate A record on the old domain using same IP as the Scalix server on the new domain?
Posted: Fri Jan 04, 2008 7:31 pm
by mikevl
Hi
You certainly need to fix up your DNS soon.
Also look at LVM for backups. You can then back up as often as you want during the day to a tar file or rsync copy without interrupting the users on the system.
Posted: Sun Jan 06, 2008 1:14 am
by Ruthiness
Can anyone verify for me that I should recommend that they do the following with the DNS for the old domain?
1. Remove the A record that uses the duplicate IP for the new mail server
2. Set the MX record to the new mail server on the new domain.
For example - the new mail server is mail.newdomain.com
Someone in charge of the DNS for olddomain.com made up a name - mail.olddomain.com and set the IP to be identical to mail.newdomain.com as an A record and then set the MX record to that.
I recommended that the MX record for olddomain.com be:
mail.newdomain.com
and as backup oldmail.olddomain.com
I'm not an expert by any means in DNS or mail servers so someone please just humor me and confirm my thoughts on this?
Posted: Sun Jan 06, 2008 3:53 am
by Mikev
Hi
1) Yes. If you're not using the OLD DNS any longer then you should not have any reference to it
2) Yes
This would help
Just as importantly
Is there a record in your internal DNS and/or your hosts file that says
xxx.xxx.xxx.xxx "mailserver.mydomain.local" or "mailserver.mydomain.com" mailserver
I think you have hinted this above but just making sure.
Mike
Posted: Mon Jan 07, 2008 1:14 pm
by Ruthiness
Mikev wrote:Hi
1) Yes. If you're not using the OLD DNS any longer then you should not have any reference to it
2) Yes
This would help
Just as importantly
Is there a record in your internal DNS and/or your hosts file that says
xxx.xxx.xxx.xxx "mailserver.mydomain.local" or "mailserver.mydomain.com" mailserver
I think you have hinted this above but just making sure.
Mike
Thanks Mike,
Yes I have Scalix setup for the new domain according to all the install directions and everything works fine. Scalix receives mail properly for the old domain through the relaying option in (I think) smtpd.cfg .. so I think that is all I need to do to "handle" email for the old domain.
The client continues to pay for the old domain and the old mail server and this will be indefinite. But Scalix on the new domain and new server is letting them use NetSuite and ultimately, Outlook Connector (once there is support for Outlook 2007).
So the client is relying on the new domain and new mail server, but wants to keep support for the old domain and I am fairly sure I have it set up properly. However, the client initiated DNS changes on the old domain that ended up with this A record and IP address that duplicates the new mail server on the old domain DNS. So I am trying to get them to change it.
If I reverse lookup the IP, it goes properly to the new mail server. But there is another tech working with this client who was (and maybe still is) using the old mail server for sending mail so he is expecting the mail server at the old domain to "masquerade" or something.. so it goes to the Scalix server with the proper IP address but the wrong hostname which comes from the incorrect DNS entry. So Scalix essentially thinks someone is spoofing I think.
I have asked him to change to using the NEW mail server for his outgoing mail so his scripts use the NEW mail server but it seems he wants me to setup something in sendmail on the NEW mail server to allow the "masquerading" of the old domain's mail server name. Can someone please confirm for me that this is unnecessary?
Posted: Mon Jan 07, 2008 1:30 pm
by Ruthiness
Also - is there any way to switch to LVM after install time without a lot of headaches?
Since this was not done during the install of the server (and I asked the client if they wanted it but maybe should have insisted), do I essentially need to add a new set of disks and make them LVM to make this happen? (my suspicion)
Posted: Mon Jan 07, 2008 5:35 pm
by kanderson
You could leave the server up and running and dump individual user mailboxes using sxmboxexp while the server is online. This is great for a single user restore, but it sucks to recover a whole server from...
There's no nice way to move to LVM after the server is built.
Kev.
Posted: Tue Jan 08, 2008 6:33 pm
by Ruthiness
Thanks Kev,
We'll look into maybe doing the full "ombackup" once a week to minimize disruptions - although the disruptions are indeed pretty small. Seems like the sxmboxexp will work just fine and perhaps will allow us to run more frequent user mailbox backups.
Posted: Tue Jan 08, 2008 6:39 pm
by kanderson
Make sure to dump the public folders too. Those are often forgotten, but they're great to have. omcpoutu didn't allow it, whereas sxmboxexp does. The man page gives good examples of everything.
In my opinion, that's one of the best commands to have been added in a long time. SXAA was another great addition.
Thanks
Kev.