Question

Locked

How to setup a backup MX record

By stein_brian ·
We recently setup a multi wan router to leverage two separate ISP's - one is our original T3 and the other is business cable model. All traffic other than SMTP traffic goes out whichever link is less used, and SMTP traffic is pinned to the original T3 link. Our current MX record points to our hardware spam filter which has a public IP address from the T3 ISP. The question I have is what is the best way to create a secondary MX record in the event my T3 ISP goes down. Currently if that happens I will still have internet traffic but not email. I know i can create a second MX record with a lower cost (say 20), but wasn't sure exactly the correct method for having it kick in, still send to my spam filter to be forwarded to my exchange server. Any information would be greatly appreciated, thanks!

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Everything needs to be behind the multi-wan router...

by JPElectron In reply to How to setup a backup MX ...

You need to configure both the spam appliance and your mail server to be in the private IP space behind the multi-wan router. Then ensure SMTP is allowed inbound from either ISP. Then setup two MX records...

MX 10 > primary ISP IP > spam appliance > your mail server
MX 20 > secondary ISP IP > spam appliance > your mail server

You cannot control how other mail servers will deliver, sure it's supposed to be try MX 10 first, then MX 20, but for any number of reasons another mail server out on the Internet may try to deliver to MX 20 first - you want mail to be delivered all the time, to either, regardless of which one is used. Only when one is found down/un-responsive (cause you've lost that ISP connection) should a mail server try the alternate, but in the real world it doesn't always happen that way.

Collapse -

Reponse To Answer

by stein_brian In reply to Everything needs to be be ...

OK so if I understand correctly, I would create an additional A record for the public DNS with a public IP for the spam appliance, that way it has a public IP for both ISP's. The MX record will have a cost of 20 and then as long as my multi wan router is configured to allow SMTP inbound I should be ok? Does that sound right? Thank you!

Collapse -

Reponse To Answer

by JPElectron In reply to Everything needs to be be ...

The spam appliance should have two public IPs (one IP from each ISP connection) both of these IPs would "port-forward" or "map" to port 25 (smtp) at the 1 private IP of the spam appliance.

Collapse -

Reponse To Answer

by stein_brian In reply to Everything needs to be be ...

Sorry one last question. I get where you say you cannot control how other mail servers will deliver, so what happens in the case where it tries to deliver mail and that ISP is down? Say it tries MX 10 first and MX 10 is down, will go right to MX 20 or will that mail get bounced back? Thank you so much for all your help!

Collapse -

Reponse To Answer

by JPElectron In reply to Everything needs to be be ...

Right, that's how MX priority's are supposed to work, if 10 is down then try 20, if 20 is down then try 30, etc. The number is not important, it's just supposed to represent an order, for example your MX priorities could be 5, 10, 15, 20, etc.

Say you have MX 10 and MX 20... If MX 10 is down/unavailable the sending server should immediately try MX 20, or it may try to deliver at the next scheduled interval (usually every 4 hours, up to 24 or 48 depending on server configuration) Eventually it will get delivered.

Collapse -

Reponse To Answer

by stein_brian In reply to Everything needs to be be ...

Awesome, thank you so much for your help!

Back to Networks Forum
7 total posts (Page 1 of 1)  

Hardware Forums