Have you ever wanted to set up a backup mail exchanger (MX) for your main Zimbra installation? Recently, I had this need for two of my Zimbra installations. Of course, if you run the enterprise version of Zimbra where they offer you the tools to do this without too much work out of the box. But if you just don’t have the resources to put up another full scale Zimbra server, you can achieve much of the same with much less. Of course, it won’t offer you all the bells and whistles that a full Zimbra installation will, but it does the trick if your needs are sparse.
You can run this backup MX of a low price VPS or similar services. And in this day and age, you have a huge selection of such providers that won’t set you back in terms of money. You have great providers such as Linode that offers this at an affordable price, that give you a virtual server where you have complete root access to your virtual server. Which is just what we need to achieve our task of setting up a backup MX. If this is something you want and need, please continue to read this article.What I’ve done, is make two BASH scripts to make the task of setting up a backup MX a breeze as well as making the process automated once set up. I assume in this howto that you already have a fully working installation of Zimbra in production. I also assume that you have NTP (Network Time Protocol) set up and working on both hosts. We first start the work on our main host, the existing Zimbra server. We require root privileges to run the script, so let’s sudo into the root account.
What the script ‘gen-users.sh’ does, is to query the Zimbra LDAP server for a list of active user accounts on all of your domains. This list is formatted in such a way that the backup host can easily parse it, and generate the necessary configuration files for postfix, which is used as the MTA on the backup host. You need to change a few things in the script before we proceed, namely the variables ‘REMOTEUSER’, ‘REMOTEHOST’ and ‘REMOTEPATH’. Since the scripts on both ends needs to be run as root, all that’s left to configure is really ‘REMOTEHOST’. Set this to the hostname of your backup MX host.
Since the list of users that are needed by the backup host needs to be copied over, I’ve chosen to do this using scp. Seeing as we want this process automated, we need to create a SSH key without a password using ssh-keygen.
To confirm that we’ve successfully enabled to authorized key on the remote host, we issue the following command (you should not need to enter a password).
At this point, the configuration files created by ‘gen-users.sh’ should be copied over to the remote host without being asked for a password. To automate the task, we also need to set up a crontab entry for the script. I prefer to run the script at 30 minute intervals, and I choose it to run at every whole hour and thirty minutes past the hour.
Just add this to your crontab.
0/30 * * * * /root/gen-users.sh
Save the file, and cron should state that the crontab has been installed. To verify this, you can monitor your syslog and look out for the following:
Feb 12 11:30:02 mainhost BackupMX: SUCCESS: created the list of users
Feb 12 11:30:05 mainhost BackupMX: SUCCESS: sent user list to seattle.thebios.com
We now have to move over to our secondary box. I already assume that you have postfix installed and working for local mail delivery, and if you haven’t done so, do so now before proceeding. I won’t cover this process here, so if you’re in doubt on this one, please consult one of the many howto’s out there on how to get a basic postfix installation running. Just as on the main Zimbra host, we need to sudo into our root account and download the script.
You really shouldn’t need to change much here to get things working, maybe apart from the paths to postconf, postmap and postfix itself (if you’re not running Debian or Ubuntu). I would highly recommend that you keep ‘DEBUG’ enabled, even in production as it logs useful information to syslog. If you’ve successfully set up the main host, and verified that you indeed have the file ‘zimbra_recipients.list’ in your /root folder that was copied over with scp, we are good to go. All we need to do now is to set up a crontab entry for the job. I prefer to run this task at every five minutes past the hour and every 35 minutes past the hour. This is five minutes after the user/domain list was created on the main host, and should have made it over to the backup host (you did remember to set up NTP right?). So let’s set up the crontab.
Add this to your crontab
5/35 * * * * /root/gen-postfix-config.sh
Cron should now state that your crontab was successfully installed. At this point, you should be able to monitor your syslog to see that the script generates the needed configuration files for postfix. These files/configuration directives include:
- The relay domains map (which domains postfix on our backup host should relay mails for if our main host is down)
- The relay map (which user accounts under our domain(s) we allow incoming mail from)
If all has gone well, you should be able to see something similar to this in your syslog.
Feb 20 12:02:24 backuphost BackupMX: MD5 has changed - need to notify postfix of changes
Feb 20 12:02:24 backuphost BackupMX: Domains to relay for: $mydestination yourdomain1.com yourdomain2.org yourdomain3.net ... [etc]
Feb 20 12:02:24 backuphost BackupMX: SUCCESS: postconf updated with relay domains
Feb 20 12:02:24 backuphost BackupMX: SUCCESS: created the relay_recipient_maps file
Feb 20 12:02:24 backuphost BackupMX: SUCCESS: copied the relay map to /etc/postfix/backup-mx-relays
Feb 20 12:02:26 backuphost BackupMX: SUCCESS: postconf notified about the new relay map
Feb 20 12:02:26 backuphost postfix/postfix-script: refreshing the Postfix mail system
Feb 20 12:02:26 backuphost postfix/master: reload -- version 2.7.1, configuration /etc/postfix
Feb 20 12:02:26 backuphost BackupMX: SUCCESS: postfix configuration reloaded
This sums up this howto. I wish you all the best with setting this up, and I hope you found this useful. Comments are more than welcome, and if you find any bugs, please report them over at my