Thu 24 May 2007
Mail Servers and DNS
Category : Technology/MailServersAndDNS.txt
James Keating wrote me a question: Can we run two (or more) mail servers for a single domain?

The answer is not a simple yes. Neither is it a no. And this had set me thinking. I reproduce my answer below in the hope that this can help other people understand mail servers better, as well as their relationship with the domain name system.

Usually you run one mail server for a single domain. You can have other mail servers for that domain, but these are used as backups that will get the mail when the primary mail server is down.

Start with the simplest case, where you have one mail server for the domain and this mail server sits on the machine you reach by typing its domain name. For example, ksd140.org sits on 207.63.165.6 and the mail server is also on that machine, on IP address 207.63.165.6. In this case, you don't even need to create an MX record.

Second case, where the mail server sits on a different machine from the machine known as ksd140.org. For example, the mail server sits on a machine with an IP address of 207.63.105.131, reachable via a host name called mail.ksd140.org. Then you need to have an MX record in the Domain Name System to declare that mail.ksd140.org is performing the function of the mail server for the domain, ksd140.org. In DNS Enabler, this is specified as

    Hostname            IP                Alias
    mail.ksd140.org     207.63.105.131    MX[10]ksd140.org

or, simply,

    Hostname            IP                Alias
    mail.ksd140.org     207.63.105.131    MX[10]

because, if you leave out the domain name after the square brackets, DNS Enabler assumes that you're referring to the primary domain, ksd140.org.

This is what happens when someone sends a message to james@ksd140.org. The originating mail server will check if there is an MX record for the domain, ksd140.org.
If there is, it will follow that record and know that it has to send the message to the machine, mail.ksd140.org, which is acting as the mail server for that domain. If there isn't an MX record, it will send the message directly to the machine, ksd140.org.

Third case, where you can have more than one mail server acting as mail servers for that domain, but these are secondary mail servers acting as backups for the primary mail server. For example, if mail2.ksd140.org on IP address 207.63.105.132 is the backup mail server for mail.ksd140.org, for the domain ksd140.org, then we will denote its status as a backup by setting it with a higher MX number:

    Hostname            IP                Alias
    mail.ksd140.org     207.63.105.131    MX[10]
    mail2.ksd140.org    207.63.105.132    MX[20]

This is what happens when an originating mail server tries to send a message to james@ksd140.org and finds that the primary mail server is down. It will look up the MX records for the domain and see if it can find the next higher-numbered MX record to send the message to. If this is also down, it goes on down the line to the next record until it either succeeds in sending the message or fails entirely.

Fourth case. We can have another mail server, not acting as mail server for the domain, but acting in its own right:

    Hostname            IP                Alias
    wmail.ksd140.org    10.10.2.99

In this example, this mail server is reachable only by machines on the internal private network, and it can be used as an outgoing SMTP server for any mail client on the internal network. However, in this case, if we're using the MailServe setup panel, we must take care to enter wmail.ksd140.org into the Domain Name field, rather than ksd140.org, otherwise the Postfix running on wmail.ksd140.org will mistakenly hang on to all mail destined for users on ksd140.org.

There is a fifth case, where wmail.ksd140.org acts as the mail server for another host machine entirely, say, host2.ksd140.org. For completeness, this is how we set up DNS Enabler:

    Hostname            IP                Alias
    wmail.ksd140.org    10.10.2.99        MX[10]host2.ksd140.org

and then the Domain Name field in MailServe should be set as host2.ksd140.org, but I think your eyes are all glazed over by now and I'd better stop.

All this is to say that our little programs, MailServe and DNS Enabler, can actually do a heck of a lot. Hope all these make sense.
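
The lookup-and-fallback behaviour from the cases above, as an added example that is not part of the original post and is not code from MailServe or DNS Enabler: it parses rows written in the notation shown above and returns the hosts a sending mail server would try, in order. The function names, the row parser and the combined sample rows are assumptions made for illustration.

```python
import re

PRIMARY_DOMAIN = "ksd140.org"

# Rows in the post's DNS Enabler notation (hostname, IP, alias), combining
# the second, third and fifth cases. Constructed sample input.
ROWS = """\
ksd140.org         207.63.165.6
mail.ksd140.org    207.63.105.131   MX[10]
mail2.ksd140.org   207.63.105.132   MX[20]
wmail.ksd140.org   10.10.2.99       MX[10]host2.ksd140.org
"""

MX_ALIAS = re.compile(r"MX\[(\d+)\](\S*)")


def parse_rows(text, primary=PRIMARY_DOMAIN):
    """Return (a_records, mx_records) parsed from DNS Enabler-style rows."""
    a_records, mx_records = {}, {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        host, ip = fields[0].lower(), fields[1]
        a_records[host] = ip
        for alias in fields[2:]:
            m = MX_ALIAS.fullmatch(alias)
            if m:
                # An empty name after the brackets means the primary domain.
                domain = (m.group(2) or primary).lower()
                mx_records.setdefault(domain, []).append((int(m.group(1)), host))
    return a_records, mx_records


def delivery_order(address, a_records, mx_records):
    """Hosts a sending server tries, lowest MX number first."""
    domain = address.rsplit("@", 1)[1].lower()
    if domain in mx_records:
        return [host for _, host in sorted(mx_records[domain])]
    # No MX record: deliver straight to the machine named by the domain.
    return [domain] if domain in a_records else []


def deliver(address, a_records, mx_records, down=()):
    """Return the first host in delivery order that is up, or None."""
    for host in delivery_order(address, a_records, mx_records):
        if host not in down:
            return host
    return None
```

Passing `down={"mail.ksd140.org"}` to `deliver` reproduces the third case, where the backup with the higher MX number receives the message.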
Posted at 1:24AM UTC