Using Fail Over or Load Balanced Mail Servers

Overview

You're a SpammerTrap appliance user, or you use the SpammerTrap's IONSPAM hosted email security service. You have a Disaster Recovery site, or you have clustered mail servers.

You want to make sure that whichever SpammerTrap email security solution you're using is optimized to take full advantage of multiple servers, rather than forwarding clean email to just one hardcoded mailserver. This article provides instructions for doing this.

Note: This article deals with High Availability/Load Balancing on email FROM SpammerTrap TO your local/internal mail servers.  For information on clustering all inbound email FROM the Internet TO SpammerTrap, contact your authorized reseller for SpammerTrap clustering options.

SpammerTrap allows a local domain transport to be entered as either an IP address or a hostname.  If using a hostname,  SpammerTrap has the option of performing either a DNS ‘A’ record lookup (default) on that hostname, or a DNS ‘MX’ (mail exchanger) record lookup. This FAQ discusses the features of both options, and when each is appropriate for use.

You begin by choosing a method for email delivery below: either Load Balancing, or Fail Over Only.

Email Delivery Method (choose one)

• Load Balancing

Load Balancing refers to when you have two or more mail servers, which you want to spread the email load across evenly.  This option gives you High Availability, Load Balancing, and Fail Over. It can be accomplished using either the Multiple ‘A’ Records configuration method, or the DNS ‘MX’ Records configuration method, as described below.

• Fail Over Only

Fail Over Only refers to when you have two or more mail servers, but wish to deploy them in a serial manner (e.g., primary, secondary, and so on). This is commonly seen when an organization has a primary site they want to generally always receive email, as well as a disaster recovery site where email should be sent in the event of a primary-site failure. This method can be accomplished by the DNS ‘MX’ Records configuration method described below.

Configuration Information (choose one)

• Multiple ‘A’ Records - For DNS Round Robin Load Balancing via IP Addresses

Requirements: You must be able to edit your DNS records, and all of your internal mail servers must have a fixed IP address that is reachable from the SpammerTrap appliance or the IONSPAM hosted service. If you do not control the IP address, or these IP addresses change, then you should not use this feature.  (Instead, you should use the MX record method below.)

For background on round robin load balancing, see: http://en.wikipedia.org/wiki/Round_robin_DNS

Instructions:

1. Write down the IP addresses of all of your internal mail servers.  Use public IP addresses if possible to avoid disclosing internal IP addresses.
2. Create new A records for each host.  If you have two servers, you will need two records with the same name. Example: inbound.example.com.
3. Example: IP 1.1.1.1 and 1.1.1.2: Create an A record (New Host) for host inbound.example.com that points to 1.1.1.1. Create a second A record for host inbound.example.com that points to 1.1.1.2 (Repeat for each additional internal mail server.)
4. Double check it:  From a Windows Host in the same network as the SpammerTrap, from the command line, type:  nslookup -type=a inbound.example.com. You should see a display that looks something like:  Name: inbound.example.com Addresses: 1.1.1.1, 1.1.1.2
5. On SpammerTrap, in the email routing page, change the target name to inbound.example.com.  The SpammerTrap should test both connections and give you a report.
6. Send two test messages to your domain. Monitor inbound email from Spammertrap (Reports->mailq) and verify mail flow.
7. Check your servers at 1.1.1.1 and 1.1.1.2 and make sure that an equal volume of email is flowing to each one.

• DNS ‘MX’ Records - For Load Balancing, Disaster Recovery, or Fail Over.
  

Requirements: You must be able to edit your DNS records and create additional 'MX' records. If the hosts you wish to send email to do not currently have A (Host) records, you must create them (see Steps 1 and 2 below).  If these hosts already have A records, go directly to Step 3 below.  Also note, you should NOT use 'CNAME' (alias) records, as this may result in your being blacklisted at http://www.rfc-ignorant.org.

For background on MX records, see:  http://en.wikipedia.org/wiki/MX_record

Instructions:

1. Write down the IP addresses of your internal mail servers.  Use public IP addresses if possible.
2. Create UNIQUE hostnames for each host. For example:  Create a new A (host) record for a.example.com for IP 1.1.1.1.  Create a new A record for b.example.com for IP address 1.1.1.2.
3. Create a new MX record for host inbound.example.com.  Enter the primary internal mail server name (from Step 2) with a mail server priority of 10.  (NOTE: DO NOT USE YOUR DOMAIN NAME ONLY.)
4. Create a second new MX record for host inbound.example.com.  Enter the secondary internal mail server name (from Step 2) with a mail server priority of 20 if you are using Fail Over or Disaster Recovery, or 10 if you are using Load Balancing.
5. Repeat Step 4 for each additional mail server, incrementing the mail server priority by 10 each time, if not using Load Balancing.
6. Check your entries:  From a Windows command prompt in the same network as your SpammerTrap, type nslookup -type=mx inbound.example.com.  You should see all of your MX records.
7. On the SpammerTrap email routing page, change the target name to inbound.example.com and SET THE DNS TYPE TO MX.  SpammerTrap should test both connections and give you a report.
8. Send a test message, and verify that it goes to your primary mail server.
9. Then, block your primary server and send a second message, to verify that it goes to your secondary server. (Unblock once you have verified.)
10. Check mail flow with reports->mailq

Still Have Questions?

SpammerTrap Support can be reached at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it or 561-948-2254