Configuring James to be a Smarthost or Secondary MX


This page describes how to configure James to act as a bidirectional MX (receives mail on behalf of internal server{s} and relays mail out for same) without being a spam relay. This is also known as a "smart host" configuration in some circles. It could also be used to add a second MX for loading balancing or failover. The former solution is typical for sites that wish to prevent direct communications to internal systems thus:

james_config_smart_host.png

where a firewall is typically used between the Internet, MX and internal mail server.

MX DNS Example:

IN      MX      10 mx.apache.org. 

See below for example config.xml

Load balancing/failover is achieved thus:

james_config_load_balance.png

where DNS records are used to identify multiple systems handling mail for the domain (although I suppose that one could use some sort of hardware based device if really pressed to do so). Load Balancing is accomplished by setting up an MX record for each of the mail servers with the same MX number, while failover requires that the failover server have a higher MX number.

Load Balancing MX DNS Example:

IN      MX      10 moe.apache.org.
IN      MX      10 larry.apache.org.
IN      MX      10 curly.apache.org.

Failover MX DNS Example:

IN      MX      10 dexter.apache.org.
IN      MX      20 deedee.apache.org.

Likewise, setting a remote secondary mail server is done by creating a second MX record in DNS that points to a remote server. This record must have a higher MX number than the primary server to ensure that the primary server is used if available. Should the primary server become inaccessible, the secondary server will accept mail on the domain's behalf (spooling it until the primary server comes back on line). Note: It is a good idea to make sure that DNS servers also span geographical sites to ensure that the mail will flow should the problem be network related.

Seconday (remote) MX DNS Example:

IN      MX      10 moe.apache.org.
IN      MX      20 deedee.remotesite.org.

james_config_secondary.png

Of course, the approaches may be combined thusly:

Load Balancing MX DNS Example:

IN      MX      10 moe.apache.org.
IN      MX      10 larry.apache.org.
IN      MX      10 curly.apache.org.
IN      MX      10 dexter.remotesite.org.
IN      MX      20 deedee.remotesite.org.

where moe, larry and curly provide a load balanced set of primary servers, while dexter and deedee take over should all three primary servers become inaccessible.

Note that these solutions use a different outgoing repository for each destination (don't forget to create the corresponding directories!)

config.xml example:

Configuration:

    <processor name="transport">
      <mailet match="HostIs=myfoo.com" class="RemoteDelivery">
       <outgoing> file://var/mail/relay/ </outgoing>
       <delayTime> 21600000 </delayTime>
       <maxRetries> 5 </maxRetries>
       <deliveryThreads> 1 </deliveryThreads>
       <gateway> int.myfoo.com </gateway>
       <gatewayPort>25</gatewayPort>
      </mailet>

     <mailet match="RemoteAddrNotInNetwork=127.0.0.1,192.168.251.204"
             class="ToProcessor">
       <processor> spam </processor>
     </mailet>

     <mailet match="All" class="RemoteDelivery">
       <outgoing> file://var/mail/outgoing/ </outgoing>
       <delayTime> 21600000 </delayTime>
       <maxRetries> 5 </maxRetries>
       <deliveryThreads> 1 </deliveryThreads>
      </mailet>
    </processor>

SmartOrSecondaryHost (last edited 2010-11-20 20:06:44 by ChanochWiggers)