Re: [gentoo-user] Alternate Incoming Mail Server

[Grant Taylor <gtaylor@gentoo.tnetconsulting.net>]

On 4/6/20 6:35 AM, Ashley Dixon wrote:
> Hello,

Hi,

> After many hours of confusing mixtures of pain and pleasure, I have 
> a secure and well-behaved e-mail server which encompasses all the 
> features I originally desired.

Full STOP!

I hoist my drink to you and tell the bar keep that your next round is on me.

Very nicely done!!!

In all seriousness, running your own email server is definitely not 
easy.  DNS, web, and database servers are easier.

This is especially true, by an order of magnitude, if you are going to 
be sending email and do all of the necessary things to get other mail 
receivers to be happy with email outbound from your server.

~hat~tip~

> However, in the event that I need to reboot the server (perhaps a 
> kernel update was added to Portage), I would like to have a miniature 
> mail server which catches incoming mail if, and only if, my primary 
> server is down.

Okay....

> I have Gentoo installation on an old Raspberry Pi (model B+), and was 
> curious if such a set-up was possible ?

Can you get a Raspberry Pi to function as a backup server?  Yes.  Do you 
want to do such, maybe, maybe not.

I've seen heavier inbound email load on my backup mail server(s) than I 
have on my main mail server.  This is primarily because some, 
undesirables, send email to the backup email server in the hopes that 
there is less spam / virus / hygiene filtering there.  The thought 
process is that people won't pay to license / install / maintain such 
software on the ""backup email server.

I encourage you to take a look at Junk Email Filter's Project Tar [1].

Aside:  JEF-PT encourages people to add a high order MX to point to 
JEF-PT in the hopes that undesirable email to your domain will hit their 
MX, which will always defer the email and never accept it.  Their hope 
is to attract as many bad actors to their system as they can, where they 
analyze the behavior of the sending system; does it follow RFCs, does it 
try to be a spam cannon, etc.  They look at the behavior, NEVER content, 
and build an RBL.  The provide this RBL for others to use if they 
desire.  —  I have been using, and recommending, JEF-PT for more than a 
decade.

JEF-PT could function as the backup MX in a manner of speaking.  They 
will never actually accept your email.  But they will look like another 
email server to senders.  As such, well behaved senders will queue email 
for later delivery attempts.

> I also want the solution to be as minimal as possible. I see the 
> problem as three parts:

This type of thinking is how you end up with different spam / virus / 
hygiene capabilities between the primary and secondary email systems. 
Hence why many undesirables try secondary email system(s) first.  ;-)

In for a penny, in for a pound.

If you're going to run a filter on your primary mail server, you should 
also run the filter on your secondary mail server(s).

> (a) Convincing the D.N.S.\ and my router to redirect mail to the 
> alternate server, should the default one not be reachable;

DNS is actually trivial.  That's where multiple MX records come in to 
play.  —  This is actually more on the sending system honoring what DNS 
publishes than it is on the DNS server.

Aside:  Were you talking about changing what DNS publishes dynamically 
based on the state of your email server?  If so, there is a lot more 
involved with this, and considerably more gotchas / toe stubbers to deal 
with.

There are some networking tricks that you can do in some situations to 
swing the IP of your email server to another system.  This assumes that 
they are on the same LAN.

  · VRRP is probably the simplest one.
  · Manually moving also works, but is less simple.
  · Scripting is automated manual.
  · Routing is more complex.
     · Involves multiple subnets
     · May involve dynamic routing protocols
     · Manual / scripting ....
  · NAT modification is, problematic

> (b) Creating the alternate mail server to be as lightweight 
> as possible. I'm not even sure if I need an S.M.T.P.\ server 
> (postfix). Would courier-imap do the trick on its own (with 
> courier-authlib and mysql) ?

You will need an SMTP server, or other tricks ~> hacks.  Remember that 
you're receiving email from SMTP servers, so you need something that 
speaks SMTP to them.

Courier IMAP & authlib are not SMTP servers.  I sincerely doubt that 
they could be made to do what you are wanting.

> (c) Moving mail from the alternate server to the main server once 
> the latter has regained conciousness.

SMTP has this down pat in spades.

This is actually what SMTP does, move email from system to system to 
system.  You really are simply talking about conditinally adding another 
system to that list.

Hint:  SMTP is the industry standard solution for what you're wanting to 
do, /including/ getting the email from the alternate server to the main 
server.

> I realise this is a slightly different problem, and is not even 
> necessarily _required_ for operation, although it's certainly a 
> nice-to-have.

It's not really a different problem.

It is really required.  Having the email on an alternate server without 
a way to get the email to the main mail server where all the clients are 
configured to access it is an untenable situation that is tantamount to 
not having the email that goes to the alternate server.

> What do you think; is this at all possible ?

Yes, absolutely possible.

> Has anyone here done anything like this before ?

Yes, absolutely been done before.

What you're asking for can all be hacked together using things other 
than SMTP.  But it is very much that, a hack, cobbled together.

Or, you can use SMTP, which you're already using, and does exactly what 
you're asking to do.

> Thanks in advance.

[1] https://wiki.junkemailfilter.com/index.php/Project_Tar



-- 
Grant. . . .
unix || die