Heya Swinog
We have business customers with an own mailservers asking us to provide a backup MX for their mailserver. Usualy we deny such request, because such a backup MX would bounce all spam which cannot be relayed, and anyway, the sending server usualy queues the email usualy about the same amount of time a backup mx would queue it. So we see not advantage, but a big disatvantage.
Now some of our customers complain that 'all other ISP' offers such services.
So I wanted to know your opinions:
- Why would business customers _need_ their ISP to operate a backup MX for them? - Why can you avoid the disatvantage to generate a shitload of bounces when operating ab backup MX? - Is it true, that most ISP offer this kind of service?
Mit freundlichen GrĂ¼ssen
Benoit Panizzon
On Thu, 24 May 2012 16:55:04 +0200 Benoit Panizzon benoit.panizzon@imp.ch wrote:
We have business customers with an own mailservers asking us to provide a backup MX for their mailserver. Usualy we deny such request, because such a backup MX would bounce all spam which cannot be relayed, and anyway, the sending server usualy queues the email usualy about the same amount of time a backup mx would queue it. So we see not advantage, but a big disatvantage.
The simple advantage is the control. On a backup MX you can enforce your own rules for keeping mail, sending rates, alarming and so on.
- Is it true, that most ISP offer this kind of service?
An ISP is an ISP - not a mail provider. So why should an pure ISP offer something like a backup MX or a smarthost? But in this world business is not a perfect thing: sometimes you have to offer one service to sell another. But if you don't want to offer such services yourself - be smart and ask another party which has this in their business model included, make a contract and offer it to your customers for a additional fee. So all sides will win. That is the art of making business.
So we have no problem to offer a mail service and I'm pretty sure you will find many more here.
Regards Oli
On 2012-05-24 16:55 , Benoit Panizzon wrote:
Heya Swinog
We have business customers with an own mailservers asking us to provide a backup MX for their mailserver. Usualy we deny such request, because such a backup MX would bounce all spam which cannot be relayed, and anyway, the sending server usualy queues the email usualy about the same amount of time a backup mx would queue it. So we see not advantage, but a big disatvantage.
You should not configure it as a backup, it should just be a part of the primary, all configured the same, all doing full validation, virus checking etc. You do not have any bounces then as it is fully ready to accept that message, which then can be stored on a backend (disk full is then the only issue you could run into if the storage is a separate thing)
This does require that your customers can push their config to you and that your customers reveal their userbase (then again sniff can do so much more)
eg, have 3 front-end boxes (which might be loadbalanced) at different network/physical locations: hostA hostB hostC
then you configure:
$ORIGIN example.com. @ MX 10 mx1 MX 20 mx2 MX 30 mx3
mx1 A h.o.s.tA AAAA h::os:tA A h.o.s.tB AAAA h::os:tB
mx2 A h.o.s.tC AAAA h::os:tC A h.o.s.tA AAAA h::os:tA
mx3 A h.o.s.tB AAAA h::os:tB A h.o.s.tC AAAA h::os:tC
This way, randomly A or B is picked, if they soft-fail (thus not a 500 reject or so), but a connection failure/timeout etc, then most SMTP clients will fail over to the next MX (postfix for instance tries the next address and then all of them) and retry there till they receive a fatal error from the smtp-frontend.
The way that the hosts are ordered above gives full chance for things to break into multiple locations without it hurting if one randomly breaks.
Btw, dovecot & dsync is awesome for these kind of setups ;)
Greets, Jeroen
Hello Benoit
On 24.05.2012 16:55, Benoit Panizzon wrote:
We have business customers with an own mailservers asking us to provide a backup MX for their mailserver. Usualy we deny such request, because such a backup MX would bounce all spam which cannot be relayed, and anyway, the sending server usualy queues the email usualy about the same amount of time a backup mx would queue it. So we see not advantage, but a big disatvantage.
I do not speak from an ISP point of view, but I hope that my input may be helpful too.
I would only run a backup MX for customers (or anybody else), if the master MX does not reject any e-mails from the backup MX at the SMTP communication level.
And it should also be possible for the backup MX to know all valid users which the master MX will accept e-mail for. Postfix does support "Recipient address verification" [1] (see about 1/3 down the page), even with saving the results locally. An other option is, if the customer is somehow providing regular updates to the list of valid recipients.
[1] http://www.postfix.org/ADDRESS_VERIFICATION_README.html
bye Fabian
Hi Benoit,
On Thu, May 24, 2012 at 04:55:04PM +0200, Benoit Panizzon wrote:
We have business customers with an own mailservers asking us to provide a backup MX for their mailserver.
I'm not working for an ISP but for company helping to implement business customers to set up their own MX. I allways advise my customers *not* to use any external backup MX.
As you said, it is not necessary as external mailsystems queue anyway and we set up redundant MTAs. And as most current anti-spam systems depend (not exclusively of course) on the IP address connecting to the system, it is not very helpfull to see your backup MX connecting to you.
HTH.
Best regards, Matthias
Heya Benoit
Here's the view from a Business customer, who used to work for ISPs:
- Why would business customers _need_ their ISP to operate a backup
MX for them?
- If the customer is multihomed, there's almost no need for this. One exception: Customer wants to catch possible misconfiguration of DNS and/or mailserver on his side. - For a non-multihomed customer, mail or Internet in general should not be *that* business critical. If the customer doesn't want to be multihomed, but still sees mail as a business critical application, I would recommend to outsource mail serivces completely (newspeak: cloud).
- Is it true, that most ISP offer this kind of service?
If there's a paying customer, there's a services who will provide the service. I remember that in the "old" days of the internet, we would implement almost every hack for customers. Nowadays, that marketing people, project managers and process designers are running ISPs, it's most probably not that common anymore...
Kind regards, Viktor
Hi,
(did not read the whole thread here, so sorry for might saying things already said before)
Backup MX is a good thing and a good service to offer for business customers (even there are many different definitions of business customer in the ISP world :)) with their own mail server. Problem, as stated before, is that it's hard for you to do full validation against spam, virus and most important "recipient" validation. the worst thing you can do is accepting all mail for a domain.
the problem is, every customer has another type of mail server (even if there are a lot of ms exchange servers of course). so you would need a way to propagate user database from the customer server to your server in a reliable way.
an easy way around this is offering an mx proxy service instead of the mx backup. that means customer domain mx goes to your server, your server does "recipient validation" with caching. that means on each incoming mail your server will ask the customers server (in a standard smtp dialogue) if the recipient exists and only then accepts the mail on your server. this checking results are cached and that way your server can also accept mails in the case where the customers server is off-line for a while.
but as also said here before: to offer such a service you really need what you're doing, there is nothing worse than a bad configured mail server in the internet :) so if you have the possibility work with a partner which knows the technology well.
greets Marco
On Thu, May 24, 2012 at 6:57 PM, Viktor Steinmann stony@stony.com wrote:
Heya Benoit
Here's the view from a Business customer, who used to work for ISPs:
- Why would business customers _need_ their ISP to operate a backup MX for
them?
- If the customer is multihomed, there's almost no need for this. One
exception: Customer wants to catch possible misconfiguration of DNS and/or mailserver on his side.
- For a non-multihomed customer, mail or Internet in general should not be
*that* business critical. If the customer doesn't want to be multihomed, but still sees mail as a business critical application, I would recommend to outsource mail serivces completely (newspeak: cloud).
- Is it true, that most ISP offer this kind of service?
If there's a paying customer, there's a services who will provide the service. I remember that in the "old" days of the internet, we would implement almost every hack for customers. Nowadays, that marketing people, project managers and process designers are running ISPs, it's most probably not that common anymore...
Kind regards, Viktor
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog