Hey there,

I set up Mailcow a while ago, and it’s been working fine and I’m happy with it. Today I decided to set up a backup MX host in case my server is ever down, so I spun up a tiny vanilla Ubuntu VM and installed postfix. I set up the relay domains and everything. The issue I have is when I try taking down my mailcow server and then send a test message, the backup MX gets it, but when it tries to deliver it to mailcow, it keeps getting rejected. Any thoughts?

Error Message:
Jan 27 04:25:32 mx postfix/smtp[5079]: 75B883F12D: to=me@me.com, relay=mymailcow.server[123.456.789.123]:465, delay=0.15, delays=0.01/0/0.11/0.03, dsn=5.7.1, status=bounced (host mymailcow.server[123.456.789.123] said: 554 5.7.1 <mx.backupmx.server[123.456.789.321]>: Client host rejected: Access denied (in reply to RCPT TO command))

(I did try adding my backup server as a forwarding host in Mailcow, but this didn’t help either.)

Thanks!
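
Added example (not part of the original post): a small Python parser for the Postfix delivery line quoted above, pulling out the relay port, the DSN class and the remote reply. The second log line and the `analyse` function name are constructed for illustration.

```python
import re

# Constructed input: the delivery line quoted in the post, plus one
# constructed temporary failure for contrast.
SAMPLE_LOG = [
    "Jan 27 04:25:32 mx postfix/smtp[5079]: 75B883F12D: to=me@me.com, "
    "relay=mymailcow.server[123.456.789.123]:465, delay=0.15, "
    "delays=0.01/0/0.11/0.03, dsn=5.7.1, status=bounced (host "
    "mymailcow.server[123.456.789.123] said: 554 5.7.1 "
    "<mx.backupmx.server[123.456.789.321]>: Client host rejected: "
    "Access denied (in reply to RCPT TO command))",
    "Jan 27 04:31:10 mx postfix/smtp[5102]: 8C1D23F130: to=<me@me.com>, "
    "relay=none, delay=30, delays=0.01/0/30/0, dsn=4.4.1, status=deferred "
    "(connect to mymailcow.server[123.456.789.123]:25: Connection timed out)",
]

DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<?(?P<rcpt>[^>,]+)>?, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reply>.*)\)$"
)
RELAY = re.compile(r"^[^\[]+\[[^\]]+\]:(?P<port>\d+)$")


def analyse(line):
    """Parse one postfix/smtp delivery line; return fields plus findings."""
    m = DELIVERY.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    relay = RELAY.match(rec["relay"])
    rec["port"] = int(relay["port"]) if relay else None
    findings = []
    if rec["dsn"].startswith("5."):
        # Class 5 is permanent: the message is returned to the sender.
        findings.append("permanent failure: bounced, will not be retried")
    elif rec["dsn"].startswith("4."):
        # Class 4 is temporary: the message stays in the queue.
        findings.append("temporary failure: still queued for retry")
    if rec["port"] not in (None, 25):
        findings.append(f"relay port is {rec['port']}, not 25")
    if "Client host rejected" in rec["reply"]:
        findings.append("destination refused the connecting client itself")
    rec["findings"] = findings
    return rec


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyse(entry))
```

For the posted line this reports a permanent 5.7.1 bounce on port 465, so the backup MX returned the test message instead of holding it for retry.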

6 days later

I’m not a mail server expert - but from what I know, any Postfix instance (as your Backup MX) needs to be specifically aware of which domains and specific email addresses it is handling and responsible for. So you need to configure Postfix properly to be aware of those.

Also, you really, really should configure a (pretty much identical) level of Anti-Spam protection on your Backup MX as you have on your main mailcow instance. So like rspamd, clamav, and maybe greylisting, etc.

The reason being that your primary MX server will (needs to be configured to) trust all emails it gets from the Backup MX, as it is basically an ‘internal’ mail. So all the spam ever sent to the Backup MX is being sent to your main MX as ‘legit’ emails. There is no phishing, spam, virus or whatsoever-filtering taking place.

Because when Main MX receives email from Backup MX, the source mailserver was your Backup MX. So checks like SPF, IP blacklisting, etc for any known malicious mailserver IPs won’t be applied.

It’s not as easy as you might think it is. I’d rather recommend just staying with your main server. You’re unlikely to miss any emails when you have a brief downtime of your main mailserver.

    pkernstock
    Thanks for the lecture. Not what I was looking for unfortunately. If you have any recommendations towards my posted issue, I’d appreciate those.