
How to configure a SME server as a secondary SMTP server (or MX-Backup)

Type How To
Version 1.1.2
Tested on SME 5.0, 5.12, 5.5, 5.6, 6.0, 6.0.1, 7.0, 7.1, 7.2, 7.3 and 7.3-utf-8

What is a MX Backup
What do you need to set-up a MX Backup ?
Installation
Test and Validation
Enabling the configuration
Case of a SME server using a 'Smart Host'
   What is a 'SmartHost' ?
And after ?
smeserver-mxbackup and SME7.3 with the 'April 2008' update
Change Log

What is a MX Backup

Mail flows across the Internet using a dedicated protocol: SMTP, for Simple Mail Transfer Protocol.
This protocol, as its name states, is 'fairly' simple. When you send a mail, the first SMTP server starts by analyzing the recipient's e-mail address. Look at this e-mail address:

john.smith@smithnet.com

The part john.smith - the part to the left of the @ sign - is of no interest to the sending server: compared with 'snail mail', this is the post office box of Mister John Smith. This part will be used only by the destination SMTP server.

By contrast, the right part of the e-mail address, smithnet.com, is of great interest: still comparing with snail mail, this is the address of the final post office.

In fact, this part of the address is a name, generally speaking a domain name. The SMTP server must now find the valid SMTP server(s) for the domain smithnet.com. It does this by asking its DNS server.

In plain English, the SMTP server asks its DNS server: "Could you please tell me which are the SMTP servers for the domain smithnet.com?"
And the DNS server gives a list of server names, with one more piece of information: the priority order of the SMTP recipients.

This information is stored in specific DNS entries, named MX records (for Mail eXchanger).

You can check this kind of information like this, for instance:

# host -t mx cw.com
cw.com mail is handled by 20 mail14.messagelabs.com.
cw.com mail is handled by 10 mail49.messagelabs.com.

Now the sending SMTP server knows which servers could accept the mail. It then tries to send to the server with the lowest priority number, also known as the 'Primary MX server' or 'Primary SMTP server'.

But sometimes this Primary MX server cannot be reached.
This is why we can put more than one server for one domain.

Note: today, many 'big' domains have more than one 'primary server'. In this case, the connection is made on a random basis. This permits a distributed load, and better scalability.

Configuration of a MX-Backup ?

We have to set two parts :

What do we need to set-up a MX Backup ?

Needless to say, you need another SMTP admin wanting to do this stuff with you :-)

This page was written with my favorite Linux distro in mind: SME Server. But, with some adjustments, this should work on any server using QMAIL as its SMTP service, except for the third method, which uses an RPM that is very SME-specific.

You need also :

Installation

Starting from here, some assumptions for all the samples:
You are working with another admin on another domain, and you plan to be MX-Backup for each other.

There are three installation methods, for different versions of SME. Choose your installation method, and then continue to Test and Validation.

Method One, for SME Server version 5.0 and 5.1.2

  1. Download the Tarball file on your SME 'MX Backup' server.
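  2. Uncompress the tarball: with the root account, go to the directory with the tarball and type the command below (the P option keeps the absolute paths stored in the archive, which is why the two files land directly under /etc):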
    # tar xvfP MXBackupDomains.tar
    /etc/e-smith/templates-custom/var/spool/smtpd/etc/smtpd_check_rules/61MXBackupDomains
    /etc/MXBackupDomains
    You now have two new files on your system:
    61MXBackupDomains    is the template fragment that alters the smtpd_check_rules file.
    /etc/MXBackupDomains is the parameter file.
  3. We now need to change the parameter file.
    With your favorite file editor, edit /etc/MXBackupDomains to add the list of all the domains for which you plan to be an MX-Backup.
    Warning: only lines starting with domain= are considered valid.
    In our sample, the doecom.net admin will put:
    domain=smithnet.com in the parameter file.
  4. To activate the configuration change, just do:
    # /sbin/e-smith/expand-template /var/spool/smtpd/etc/smtpd_check_rules
    #
    This command gives no return message if all is working well.
  5. (If you want) You can check the result. To do that, open the /var/spool/smtpd/etc/smtpd_check_rules file:
    -------------- <snip> ----------------------
    # list of domains for witch we are acting as MX backup
    # Receiving mail for the domain smithnet.com is allowed on this system
    allow:ALL:ALL:*.smithnet.com *@smithnet.com
    -------------- </snip> -----------------------
    
That's all! You never need to restart a service, as the file is checked at each new mail delivery.

Method Two, for SME Server Version 5.5 and 5.6 (Should work with minor changes for any QMAIL system)

OK, I must admit: I really did the minimum for these versions (but see Method Three for SME 6 and upper!)

You need to do nearly everything by hand - (BTW, it's time to change to SME 6 :-) )

  1. Edit this file with your favorite file editor. Let's look into it :
    # 20QandD (Quick and Dirty...)
    # This file add Quick and Dirty the lists of domains we acts as a MX-Backup
    # in the lists of QMAIL allowed domains
    # Pascal Schirrmann Sep 30, 2002
    # Syntax : You need two lines by approved domains
    # domain.ntlg
    # .domain.ntlg
    # First line allow mail like : bar@foe.com 
    # Second line allow mail like : bar@server.foe.com 
    # 
    # Domains allowed for MX-Backup
    smithnet.com
    .smithnet.com
  2. Generation of rcpthosts :
    # /sbin/e-smith/expand-template /var/qmail/control/rcpthosts
  3. (If you want) You can check the result. To do that, see whether /var/qmail/control/rcpthosts looks the way you wanted. You can see that the file 20QandD is simply appended at the end of /var/qmail/control/rcpthosts.

For other QMAIL SMTP Server

This needs to be tested, but I think that if you edit the rcpthosts file according to the above rules, this should do the trick.
You should not encounter the specific 'trouble' of SME server: on SME server, config files are regenerated, so if you make a change directly in a config file, your change is lost at the next generation. That's why the changes are put in template files.
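
Why the 20QandD fragment needs two lines per domain, shown as a small re-implementation of the rcpthosts matching rule (an added example, not code from this page or from qmail). The function names and the extra test addresses are illustrative; the rule modelled is that the recipient's domain, or a suffix of it that starts at a dot, must appear in the file.

```python
# Constructed copy of the rcpthosts lines contributed by the 20QandD fragment.
FRAGMENT = """\
# Domains allowed for MX-Backup
smithnet.com
.smithnet.com
"""

def load_rcpthosts(text):
    """Return the set of entries; blank lines and '#' comment lines are skipped."""
    entries = set()
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.add(line)
    return entries

def rcpt_allowed(rcpt, entries):
    """Apply the rcpthosts rule to one envelope recipient."""
    if "@" not in rcpt:
        return True  # no domain part: treated as a local recipient
    domain = rcpt.rsplit("@", 1)[1].lower()
    # Candidates: the whole domain, then every suffix that begins at a dot.
    candidates = [domain] + [domain[i:] for i, ch in enumerate(domain) if ch == "."]
    return any(c in entries for c in candidates)

def audit(entries):
    """Return entries so broad that they would accept mail for a whole TLD."""
    return sorted(e for e in entries if "." not in e.strip("."))

if __name__ == "__main__":
    allowed = load_rcpthosts(FRAGMENT)
    for rcpt in ("john.smith@smithnet.com",   # matched by 'smithnet.com'
                 "bar@server.smithnet.com",   # matched by '.smithnet.com'
                 "x@notsmithnet.com",         # not a dot-suffix: refused
                 "tomy@hotmail.com"):         # foreign domain: refused
        print(rcpt, rcpt_allowed(rcpt, allowed))
    print("too broad:", audit(allowed | {".com"}))
```

With only the first line of the pair, mail for hosts such as server.smithnet.com would be refused; an entry like .com would make the server accept mail for every .com domain.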

Method Three, for SME Server version 6.0 and upper

Here is my great work !!! I wrote a Panel to control the MX-Configuration directly from the server-manager !

Nota: In April 2008, SME 7.3 underwent a major system change. More information here. Due to this change, I wasn't able to create a single RPM for the two sorts of SME server. There are now two sets of RPMs:

The explanations here are for the most recent version. Please remove 'utf8-' when needed if your SME version is not so up to date.

You can download the Installation RPM.
The Source RPM is also available, for developers or the curious. This RPM is not needed for normal operations.
This software is under the GNU license. In short, it's free to use and change, as long as it stays free.

Installation is simple :

# rpm -Uvh http://www.schirrms.net/files/smeserver-mxbackup-utf8-0.1.0-03.noarch.rpm
Preparing...                ########################################### [100%]
   1:smeserver-mxbackup-utf8########################################### [100%]
Rebuilding Web Server Manager Left Panel Cache ... Can take up to a minute.
Done.
Setting defaults values in SME configuration database, if needed. Don't change any existing configuration.
Migrating existing database domains
Migrating existing database spamassassin
Migrating existing database configuration
Migrating existing database hosts
Migrating existing database yum_repositories
Migrating existing database yum_available
Migrating existing database backups
Migrating existing database networks
Migrating existing database mailpatterns
Migrating existing database accounts
Migrating existing database yum_updates
Migrating existing database yum_installed
Done.
Regenerating the config file...
Installation finished.
Now, in the Configuration group, you have a MX Backup Configuration option just under E-Mail.

Configuration is easy:
Just click on the 'Create a new MX-Backup rule' button to add a domain name.
Apart from the name of the domain, you can select between 'HOST' and 'DOMAIN'.

That's all! Your SME server is ready to be an MX-Backup. You can also disable and enable the MX-Backup functionality. Just click on the toggle button 'Disable MX-Backup' / 'Enable MX-Backup'. I hope you like my traffic lights!

Test and Validation

Now, the rest of the page is the same for everybody! Every SME version, and also QMAIL admins. In fact, you can use this test for every kind of MX Backup server.

We now want to be sure that our MX Backup configuration is up and running. To do this test, we only need a computer anywhere on the Internet with a telnet client. But this computer cannot be on our site, because mail rules are different for the local server and the local network.

The easiest way is to ask the smithnet.com admin to do the work.

Testing is the longest part of the work. The tester will have to connect with telnet to your SME mail service. He will have to send every command the way a real SMTP server 'sends' an e-mail.

But first, a very short review of the part of the SMTP protocol we need:

At the beginning of the session, the SMTP sender says who it is: this is the HELO command.

Then the SMTP sender sends the information needed by the SMTP receiver. You can see it as the envelope of a letter: something the recipient never looks at, but very useful for the postman! In e-mail, you almost never see this part: you have to ask for the 'Header' of the mail to see it. But there is a ton of useful information there for debugging: one interesting tip is that every SMTP server that carries the mail puts a 'stamp' on the envelope, so you can see how your mail traveled.
In our very simple test mail, our envelope only contains 2 lines:
MAIL From: {Sender E-mail address}
RCPT To:   {Recipient E-Mail Address}

Now it's time to start the letter content.
To do that, we send the DATA command (alone on a line). Here, we could put anything. But if you want your mail to look good in a normal mail reader, you have to put in some 'valuable' information, like the sender, the receiver, the subject or the date.

Here is a complete sample:

# telnet mail.doecom.net 25
Trying 111.112.113.114...
Connected to mail.doecom.net
Escape character is '^]'.
220 sme.doecom.net mailfront ESMTP
HELO anything.other.org
250 sme.doecom.net
MAIL From: admin@anything.other.org
250 Sender accepted.
RCPT To: john.smith@smithnet.com
250 Recipient accepted.
DATA
354 End your message with a period.
From: admin@anything.other.org
To: john.smith@smithnet.com
Date: Tue, Mar 09 2004, 21:00:00
Subject: Test

This test is very famous !
.
250
QUIT
221 Good bye.
Connection closed by foreign host.

And here is the complete message (with headers) that was received by John Smith:

Return-Path: <admin@anything.other.org>
Delivered-To: john@server.smithnet.com
Received: (qmail 24095 invoked by alias); 9 Mar 2004 21:36:17 -0000
Delivered-To: alias-localdelivery-john@smithnet.com
Received: (qmail 24092 invoked from network); 9 Mar 2004 21:36:16 -0000
Received: from mail.doecom.net (HELO doecom.net) (111.112.113.114)
  by mail.smithnet.com (100.99.98.97) with SMTP; 09 Mar 2004 21:36:16 -0000
Received: (qmail 27033 invoked from network); 9 Mar 2004 21:27:51 -0000
Received: from some.other.computer.on.the.net (HELO anything.other.org) (200.200.200.200)
  by sme.doecom.net (111.112.113.114) with SMTP; 09 Mar 2004 21:27:51 -0000
From: admin@anything.other.org
To: john.smith@smithnet.com
Date: Tue, Mar 09 2004, 21:00:00
Subject: Test

This test is very famous !

That's OK, you did the minimum check: a mail sent for the domain smithnet.com is accepted by the mail server mail.doecom.net, and mail.doecom.net is able to forward it to mail.smithnet.com.
You should also do the counter-test: check that your MX-Backup computer still refuses mail for another domain (i.e. that your MX-Backup is not an Open Relay!):

# telnet mail.doecom.net 25
Trying 111.112.113.114...
Connected to mail.doecom.net.
Escape character is '^]'.
220 sme.doecom.net mailfront ESMTP
HELO anything.other.org
250 smedoecom.net
MAIL From: a_guy@anything.other.org
250 Sender accepted.
RCPT To: tomy@hotmail.com
553 Sorry, that domain isn't in my list of allowed rcpthosts.
QUIT
221 Good bye.
Connection closed by foreign host.
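
The test and the counter-test above can be replayed by a script (an added example, not part of the original page). It sends HELO, MAIL From and RCPT To, then quits before DATA, so no mail is queued. The StandInMX class is a constructed stand-in server so that the example runs offline; against a real MX-Backup you would call validate() with its name and port 25, from a machine outside your own network.

```python
import smtplib
import socketserver
import threading

BACKED_UP = {"smithnet.com"}  # constructed policy of the stand-in server

class StandInMX(socketserver.StreamRequestHandler):
    """Constructed stand-in for the MX-Backup, so the example runs offline."""
    def handle(self):
        self.wfile.write(b"220 sme.doecom.net ESMTP\r\n")
        for raw in self.rfile:
            verb, reply = raw[:4].upper(), b"250 ok"
            if verb == b"RCPT":
                domain = raw.decode().strip().rstrip(">").rsplit("@", 1)[-1].lower()
                if domain not in BACKED_UP:
                    reply = b"553 Sorry, that domain isn't in my list of allowed rcpthosts."
            elif verb == b"QUIT":
                reply = b"221 Good bye."
            self.wfile.write(reply + b"\r\n")
            if verb == b"QUIT":
                return

def rcpt_code(host, port, rcpt, sender="admin@anything.other.org"):
    """Return the RCPT reply code; the session stops before DATA, so nothing is queued."""
    with smtplib.SMTP(host, port, local_hostname="anything.other.org", timeout=10) as smtp:
        smtp.helo()
        smtp.mail(sender)
        code, _ = smtp.rcpt(rcpt)
    return code

def validate(host, port, backed_up_rcpt, foreign_rcpt):
    """Run the test and the counter-test; both flags must be True."""
    accepted = rcpt_code(host, port, backed_up_rcpt)
    refused = rcpt_code(host, port, foreign_rcpt)
    return {"accepts_backed_up_domain": 200 <= accepted < 300,
            "refuses_other_domains": refused >= 500,
            "codes": (accepted, refused)}

def demo():
    """Run validate() against the stand-in server on a free loopback port."""
    with socketserver.ThreadingTCPServer(("127.0.0.1", 0), StandInMX) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return validate("127.0.0.1", srv.server_address[1],
                            "john.smith@smithnet.com", "tomy@hotmail.com")
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(demo())
```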

Enabling the configuration

Yes! Your MX-Backup system is ready! Now, we have to tell the whole world that your mail can also be processed by your MX-Backup.
As smithnet.com admin, you have to change your Internet DNS configuration. You need to add a second MX record for your domain with the name of your MX-Backup server, mail.doecom.net. This mail server has to have a priority number greater than that of your primary MX server.
Remember, the DNS to change is your public DNS (often not on your site but somewhere else on the Internet).
Check the DNS configuration this way (you need the address of your primary public DNS server, to check the entry the way an Internet SMTP server will do). Say that the IP address of your primary public DNS is 1.2.3.4; check it like this:

# host -t mx smithnet.com 1.2.3.4
Using domain server:
Name: 1.2.3.4
Address: 1.2.3.4#53
Aliases:

smithnet.com mail is handled (pri=0) by mail.smithnet.com
smithnet.com mail is handled (pri=5) by mail.doecom.net

Great: job done! Just wait until the DNS information is updated everywhere, and your MX-Backup is up and running.
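
The DNS check above can be scripted: the added example below (not part of the original page) parses the output of host -t mx in both formats shown on this page and verifies that the backup server is tried only after the primary. The function names are illustrative, SAMPLE_OK is copied from the output above and SAMPLE_BAD is a constructed misconfiguration.

```python
import re

# Both `host` output styles that appear on this page are recognised:
#   "cw.com mail is handled by 20 mail14.messagelabs.com."
#   "smithnet.com mail is handled (pri=0) by mail.smithnet.com"
MX_LINE = re.compile(
    r"^\S+ mail is handled "
    r"(?:by (?P<p1>\d+)|\(pri=(?P<p2>\d+)\) by) (?P<host>\S+?)\.?$"
)

# Output copied from the verification step above.
SAMPLE_OK = """\
Using domain server:
Name: 1.2.3.4
Address: 1.2.3.4#53
Aliases:

smithnet.com mail is handled (pri=0) by mail.smithnet.com
smithnet.com mail is handled (pri=5) by mail.doecom.net
"""

# Constructed misconfiguration: the backup is preferred over the primary.
SAMPLE_BAD = """\
smithnet.com mail is handled by 10 mail.smithnet.com.
smithnet.com mail is handled by 5 mail.doecom.net.
"""

def parse_mx(host_output):
    """Return [(preference, mail_host)], lowest number (tried first) first."""
    records = []
    for line in host_output.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            pref = int(m.group("p1") or m.group("p2"))
            records.append((pref, m.group("host").lower()))
    return sorted(records)

def check_backup(host_output, primary, backup):
    """Return a list of problems; an empty list means the records are as intended."""
    prefs = {host: pref for pref, host in parse_mx(host_output)}
    problems = [f"{h} has no MX record" for h in (primary, backup) if h not in prefs]
    if not problems and prefs[backup] <= prefs[primary]:
        problems.append(f"{backup} (pri={prefs[backup]}) is not tried after "
                        f"{primary} (pri={prefs[primary]})")
    return problems

if __name__ == "__main__":
    print(parse_mx(SAMPLE_OK))
    print(check_backup(SAMPLE_BAD, "mail.smithnet.com", "mail.doecom.net"))
```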

Special case : the 'SmartHost'

I had an interesting piece of field feedback about 'MX-Backup': the case of a SME server acting as MX-Backup, but using an SMTP 'SmartHost' to deliver mail.

What is a 'Smart Host' ?

In SMTP protocol, a server has two choices to send a mail :

Problem : the MX-Backup mode cannot work with the 'SmartHost' Mode !

Why ?
Well, let's suppose that mail.bar.foo is the secondary MX for the domain strangers.here.
And mail.bar.foo is set to use smtp.provider.net as 'SmartHost'.
At some time, the primary MX server for the domain strangers.here is out of order. Every new mail for the domain strangers.here now arrives on the mail.bar.foo server.
But mail.bar.foo is set to use smtp.provider.net as 'SmartHost', and mail for strangers.here has to be sent out again. mail.bar.foo happily sends all mail for strangers.here to smtp.provider.net.
smtp.provider.net in turn does a DNS resolution, and sees that the mail should be delivered to mail.bar.foo!!!

This is called 'BounceMail' (and this is bad...). In the best case, your SME server will detect the bounce first. In the worst case, it's smtp.provider.net that will find the bounce first, and you will very quickly learn some interesting things about the mail admin of smtp.provider.net...

Starting with version 0.1.0 of MX-Backup, this is no longer possible: during MX-Backup configuration, if the system is configured to use a 'SmartHost', MX-Backup sets the configuration file so that direct delivery is still used for the 'MX-Backuped' domains.
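
The loop described above, and the effect of keeping direct delivery for the backed-up domain, as a small simulation (an added example, not the package's code). The routing-table model is an assumption, mail.strangers.here is a constructed name for the primary MX, and direct delivery follows the standard SMTP rule that a server listed as MX only tries exchangers preferred over itself.

```python
# Names from the scenario above; mail.strangers.here is a constructed name
# for the primary MX, which the page leaves unnamed.
MX = {"strangers.here": ["mail.strangers.here", "mail.bar.foo"]}  # best first

# Per-server outbound routing: domain -> relay, "*" = default SmartHost,
# "" = deliver directly via MX lookup (assumed model of the 0.1.0 behaviour).
SMARTHOST_ONLY = {"mail.bar.foo": {"*": "smtp.provider.net"}}
WITH_DIRECT_ROUTE = {"mail.bar.foo": {"*": "smtp.provider.net", "strangers.here": ""}}

def next_hop(server, domain, routes, down):
    """Return the host `server` hands the message to, or None to keep it queued."""
    table = routes.get(server, {})
    relay = table.get(domain, table.get("*", ""))
    if relay:
        return relay
    hosts = MX[domain]
    # A server that is itself an MX only tries exchangers preferred over itself.
    own = hosts.index(server) if server in hosts else len(hosts)
    reachable = [h for h in hosts[:own] if h not in down]
    return reachable[0] if reachable else None

def trace(start, domain, routes, down=frozenset(), max_hops=10):
    """Follow one message hop by hop and return (outcome, path)."""
    path = [start]
    while len(path) <= max_hops:
        nxt = next_hop(path[-1], domain, routes, down)
        if nxt is None:
            return "queued for retry", path
        if nxt in path:
            return "loop", path + [nxt]
        path.append(nxt)
        if nxt == MX[domain][0]:
            return "delivered", path
    return "too many hops", path

if __name__ == "__main__":
    primary_down = {"mail.strangers.here"}
    print(trace("mail.bar.foo", "strangers.here", SMARTHOST_ONLY, primary_down))
    print(trace("mail.bar.foo", "strangers.here", WITH_DIRECT_ROUTE, primary_down))
```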

But this can be even worse! Two major reasons can lead you to use the provider's SMTP server as a 'SmartHost':

But if you're in the latter case, and if you plan to be MX-Backup for a SME server too, a solution exists. Please drop me a mail, and I'll try to explain it to you.

And after ?

Not a lot to add...
Maybe you want more than one MX Backup. That's no problem. Just configure the second MX-Backup like the first, and add a third MX record in your public DNS.

About smeserver-fetchmail and SME 7.3 with the April 2008 Update

Starting with the update of April 2008, SME made a major change (even if it is hard to see): the system charset went from ISO-8859-1 to UTF-8! What does that mean? Computers store any information as a succession of bits (that is, 0 or 1). This is not really 'user friendly' :-) To be able to store text in a computer file, we need to associate bit successions with human characters. So, in most small systems the letter A is equal to 65 (or 0100 0001) and the number one is equal to 49 (or 0011 0001). For non-American characters, there are many coding tables. A fairly recent coding table, UTF-8, is for now the most commonly accepted one. This table makes it possible to store most known symbols (Greek, Chinese...). But the change is big, and I don't see a way to create a package running in the two charsets, so I created a specific package for the most up-to-date SME servers and another one, needed until all SME servers are updated (that can take years!).

Change Log

April the 20, 2008 new RPMs version 0.1.0-03: Support of the new SME charset, UTF-8
April the 26, 2006 new RPMs version 0.1.0-02: Complete support of SME 7 (especially the qpsmtpd part)
May the 13, 2004 new RPMs version 0.1.0-00: Allow the use of MX-Backup on hosts using a Smart Host. But please read the documentation carefully!
April the 22, 2004 'Silent' update: bug correction. It was not allowed to use a domain name containing the number 0 (zero). This was in line with RPMs level 0.0.4-00
March 2004 Initial version with the RPMs for SME 6.0