I was talking earlier with a friend about having a failover email
system providing full redundancy.
Ideally something like:
Mailserver A port 25 (live)
    delivers locally to Mailserver A port 2525 maildirs
    relays a copy to Mailserver B port 2525 (backup)
Mailserver B port 25 (backup)
    delivers locally to Mailserver B port 2525 maildirs
    relays a copy to Mailserver A port 2525 maildirs (live)
The idea being that there is always a machine on the internet that
has full email.
So if server A gets rooted, burns down, or the datacenter loses power
like the LA outage last month, you swap DNS and server B handles
everything.
My first idea was that port 25 on each machine is an Exim relay
station that just routes messages to the local mailstore and the
backup MTA -- both running on port 2525.
My friend noted that this setup would make messages seem accepted once the
port 25 host let go -- and that you have no control over whether it's
getting to or being rejected from the local 2525 or the backup 2525.
He suggested some sort of daemon on 25 that speaks SMTP and holds
onto the connection until either:
  a) both the local and the backup MTA have successfully processed
     the message, or
  b) the local MTA has processed it successfully and the remote is
     unreachable (considered down).
If either MTA rejects the message, then both do (but that should
never be the case).
Before we spend any more time talking about trying to implement
something like this ourselves from scratch -- has anyone out there
done this with Exim or another MTA?
Note: we never got as far as what to do about reading email -- but
handling the IMAP stuff is for another list.