How to setup a backup MX record

+
0 Votes
Locked

stein_brian
We recently set up a multi-WAN router to leverage two separate ISPs - one is our original T3 and the other is business cable modem. All traffic other than SMTP traffic goes out whichever link is less used, and SMTP traffic is pinned to the original T3 link. Our current MX record points to our hardware spam filter, which has a public IP address from the T3 ISP. The question I have is what is the best way to create a secondary MX record in the event my T3 ISP goes down. Currently, if that happens I will still have internet traffic but not email. I know I can create a second MX record with a lower cost (say 20), but wasn't sure of the exact method for having it kick in and still send to my spam filter to be forwarded to my Exchange server. Any information would be greatly appreciated, thanks!
  • +
    1 Votes
    JPElectron

    You need to configure both the spam appliance and your mail server to be in the private IP space behind the multi-WAN router. Then ensure SMTP is allowed inbound from either ISP. Then set up two MX records...

    MX 10 > primary ISP IP > spam appliance > your mail server
    MX 20 > secondary ISP IP > spam appliance > your mail server

    You cannot control how other mail servers will deliver. Sure, it's supposed to try MX 10 first, then MX 20, but for any number of reasons another mail server out on the Internet may try to deliver to MX 20 first - you want mail to be delivered all the time, to either, regardless of which one is used. Only when one is found down/unresponsive (because you've lost that ISP connection) should a mail server try the alternate, but in the real world it doesn't always happen that way.

    +
    0 Votes
    stein_brian

    OK, so if I understand correctly, I would create an additional A record in the public DNS with a public IP for the spam appliance, so that it has a public IP for both ISPs. The MX record will have a cost of 20, and then as long as my multi-WAN router is configured to allow SMTP inbound I should be OK? Does that sound right? Thank you!

    +
    0 Votes
    JPElectron

    The spam appliance should have two public IPs (one IP from each ISP connection); both of these IPs would "port-forward" or "map" to port 25 (SMTP) at the 1 private IP of the spam appliance.

    +
    0 Votes
    stein_brian

    Sorry, one last question. I get where you say you cannot control how other mail servers will deliver, so what happens in the case where it tries to deliver mail and that ISP is down? Say it tries MX 10 first and MX 10 is down, will it go right to MX 20 or will that mail get bounced back? Thank you so much for all your help!

    +
    0 Votes
    JPElectron

    Right, that's how MX priorities are supposed to work: if 10 is down then try 20, if 20 is down then try 30, etc. The number is not important, it's just supposed to represent an order; for example, your MX priorities could be 5, 10, 15, 20, etc.

    Say you have MX 10 and MX 20... If MX 10 is down/unavailable, the sending server should immediately try MX 20, or it may try to deliver at the next scheduled interval (usually every 4 hours, up to 24 or 48 depending on server configuration). Eventually it will get delivered.

    +
    0 Votes
    stein_brian

    Awesome, thank you so much for your help!
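
A way to check the setup discussed in this thread, added here as an example and not posted by either participant: it orders MX targets the way a sending server is expected to (lowest number first), probes each path for an SMTP `220` banner, and reports which path a well-behaved sender would land on. The host names `mx1.example.com` and `mx2.example.com` are placeholders for the A records pointing at each ISP's public IP.

```python
import socket

def delivery_order(mx_records):
    """Sort (preference, host, port) tuples as a sender should: lowest first."""
    return sorted(mx_records, key=lambda r: r[0])

def probe(host, port=25, timeout=3.0):
    """True if the TCP connect succeeds and the peer greets with an SMTP 220."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            return s.recv(512).startswith(b"220")
    except OSError:  # refused, unreachable, timed out, name not resolved
        return False

def check_paths(mx_records, probe_fn=probe):
    """Probe every MX path; return all results plus the first reachable one.

    Every path is probed, not only the preferred one, because remote
    senders may use either record at any time.
    """
    results = [(pref, host, port, probe_fn(host, port))
               for pref, host, port in delivery_order(mx_records)]
    chosen = next((r for r in results if r[3]), None)
    return results, chosen

if __name__ == "__main__":
    # Constructed sample records; replace the placeholder names with your own.
    records = [
        (20, "mx2.example.com", 25),  # secondary ISP IP -> spam appliance
        (10, "mx1.example.com", 25),  # primary ISP IP   -> spam appliance
    ]
    results, chosen = check_paths(records)
    for pref, host, port, ok in results:
        print(f"MX {pref:>3} {host}:{port} {'reachable' if ok else 'DOWN'}")
    if chosen is None:
        print("No MX path reachable: senders will queue and retry later")
    else:
        print(f"A sender following MX order would deliver via MX {chosen[0]}")
```

Run it from a network outside your own, since the port forwards on the multi-WAN router are only exercised by inbound connections from the Internet.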
