Have you ever wanted to set up a backup mail exchanger (MX) for your main Zimbra installation? Recently, I had this need for two of my Zimbra installations. Of course, if you run the enterprise version of Zimbra where they offer you the tools to do this without too much work out of the box. But if you just don\u2019t have the resources to put up another full scale Zimbra server, you can achieve much of the same with much less. Of course, it won\u2019t offer you all the bells and whistles that a full Zimbra installation will, but it does the trick if your needs are sparse.<\/p>\n
You can run this backup MX of a low price VPS or similar services. And in this day and age, you have a huge selection of such providers that won\u2019t set you back in terms of money. You have great providers such as Linode that offers this at an affordable price, that give you a virtual server where you have complete root access to your virtual server. Which is just what we need to achieve our task of setting up a backup MX. If this is something you want and need, please continue to read this article.What I\u2019ve done, is make two BASH scripts to make the task of setting up a backup MX a breeze as well as making the process automated once set up. I assume in this howto that you already have a fully working installation of Zimbra in production. I also assume that you have NTP (Network Time Protocol) set up and working on both hosts. We first start the work on our main host, the existing Zimbra server. We require root privileges to run the script, so let\u2019s sudo into the root account.<\/p>\n
youruser@main:~: sudo su -\r\nroot@main:~#: wget \"http:\/\/redmine.tolecnal.net\/projects\/zimbrabackupmx\/repository\/revisions\/master\/raw\/gen-users.sh\"\r\nroot@main:~#: vim gen-users.sh<\/pre>\n<\/div>\n<\/div>\nWhat the script \u2018gen-users.sh\u2019 does, is to query the Zimbra LDAP server for a list of active user accounts on all of your domains. This list is formatted in such a way that the backup host can easily parse it, and generate the necessary configuration files for postfix, which is used as the MTA on the backup host. You need to change a few things in the script before we proceed, namely the variables \u2018REMOTEUSER\u2019, \u2018REMOTEHOST\u2019 and \u2018REMOTEPATH\u2019. Since the scripts on both ends needs to be run as root, all that\u2019s left to configure is really \u2018REMOTEHOST\u2019. Set this to the hostname of your backup MX host.<\/p>\n
Since the list of users that are needed by the backup host needs to be copied over, I\u2019ve chosen to do this using scp. Seeing as we want this process automated, we need to create a SSH key without a password using ssh-keygen.<\/p>\n
\n\nroot@main:~#: ssh-keygen -t rsa\r\nroot@main:~#: ssh root@remotehost mkdir -p .ssh\r\npassword:\r\nroot@main:~#: cat .ssh\/id_rsa.pub | ssh root@remotehost 'cat >> .ssh\/authorized_keys'\r\npassword:<\/pre>\n<\/div>\n<\/div>\nTo confirm that we\u2019ve successfully enabled to authorized key on the remote host, we issue the following command (you should not need to enter a password).<\/p>\n
\n\nroot@main:~#: ssh root@remotehost hostname<\/pre>\n<\/div>\n<\/div>\nAt this point, the configuration files created by \u2018gen-users.sh\u2019 should be copied over to the remote host without being asked for a password. To automate the task, we also need to set up a crontab entry for the script. I prefer to run the script at 30 minute intervals, and I choose it to run at every whole hour and thirty minutes past the hour.<\/p>\n
\n\nroot@main:~#: crontab -e<\/pre>\n<\/div>\n<\/div>\nJust add this to your crontab.<\/p>\n
\n\n0\/30 * * * * \/root\/gen-users.sh<\/pre>\n<\/div>\n<\/div>\nSave the file, and cron should state that the crontab has been installed. To verify this, you can monitor your syslog and look out for the following:<\/p>\n
\n\nFeb 12 11:30:02 mainhost BackupMX: SUCCESS: created the list of users\r\nFeb 12 11:30:05 mainhost BackupMX: SUCCESS: sent user list to seattle.thebios.com<\/pre>\n<\/div>\n<\/div>\nWe now have to move over to our secondary box. I already assume that you have postfix installed and working for local mail delivery, and if you haven\u2019t done so, do so now before proceeding. I won\u2019t cover this process here, so if you\u2019re in doubt on this one, please consult one of the many howto\u2019s out there on how to get a basic postfix installation running. Just as on the main Zimbra host, we need to sudo into our root account and download the script.<\/p>\n
\n\nyouruser@backup:~: sudo su -\r\nroot@backup:~#: wget \"http:\/\/redmine.tolecnal.net\/projects\/zimbrabackupmx\/repository\/revisions\/master\/raw\/gen-postfix-config.sh\"\r\nroot@backup:~#: vim gen-postfix-config.sh<\/pre>\n<\/div>\n<\/div>\nYou really shouldn\u2019t need to change much here to get things working, maybe apart from the paths to postconf, postmap and postfix itself (if you\u2019re not running Debian or Ubuntu). I would highly recommend that you keep \u2018DEBUG\u2019 enabled, even in production as it logs useful information to syslog. If you\u2019ve successfully set up the main host, and verified that you indeed have the file \u2018zimbra_recipients.list\u2019 in your \/root folder that was copied over with scp, we are good to go. All we need to do now is to set up a crontab entry for the job. I prefer to run this task at every five minutes past the hour and every 35 minutes past the hour. This is five minutes after the user\/domain list was created on the main host, and should have made it over to the backup host (you did remember to set up NTP right?). So let\u2019s set up the crontab.<\/p>\n
\n\nroot@backup:~#: crontab -e<\/pre>\n<\/div>\n<\/div>\nAdd this to your crontab<\/p>\n
\n\n5\/35 * * * * \/root\/gen-postfix-config.sh<\/pre>\n<\/div>\n<\/div>\nCron should now state that your crontab was successfully installed. At this point, you should be able to monitor your syslog to see that the script generates the needed configuration files for postfix. These files\/configuration directives include:<\/p>\n
\n
- The relay domains map (which domains postfix on our backup host should relay mails for if our main host is down)<\/li>\n
- The relay map (which user accounts under our domain(s) we allow incoming mail from)<\/li>\n<\/ul>\n
If all has gone well, you should be able to see something similar to this in your syslog.<\/p>\n
\n\nFeb 20 12:02:24 backuphost BackupMX: MD5 has changed - need to notify postfix of changes\r\nFeb 20 12:02:24 backuphost BackupMX: Domains to relay for: $mydestination yourdomain1.com yourdomain2.org yourdomain3.net ... [etc]\r\nFeb 20 12:02:24 backuphost BackupMX: SUCCESS: postconf updated with relay domains\r\nFeb 20 12:02:24 backuphost BackupMX: SUCCESS: created the relay_recipient_maps file\r\nFeb 20 12:02:24 backuphost BackupMX: SUCCESS: copied the relay map to \/etc\/postfix\/backup-mx-relays\r\nFeb 20 12:02:26 backuphost BackupMX: SUCCESS: postconf notified about the new relay map\r\nFeb 20 12:02:26 backuphost postfix\/postfix-script[18348]: refreshing the Postfix mail system\r\nFeb 20 12:02:26 backuphost postfix\/master[32541]: reload -- version 2.7.1, configuration \/etc\/postfix\r\nFeb 20 12:02:26 backuphost BackupMX: SUCCESS: postfix configuration reloaded<\/pre>\n<\/div>\n<\/div>\n