Create an offsite Failover for multiple Exchange Servers

Hey Everyone -

As a consultant who constantly deals with down servers, whether it be for an hour or even a day, I'm constantly asked if the emails that are sent to them during that period will be retained. Most times, the answer is no. I'd like to offer a solution allowing them to retain any emails during a downtime as an overall service. Not sure how the emails are delivered once the server is back up (POP?) but feel like that's a great service to offer. Just not sure where to start.

I currently have space at a local NOC and a dual processor server with a few TBs but no OS installed yet. I have a few extra licenses of Server 2008, but I'm not sure if this solution requires an open source OS. I'd prefer an MS one though.

Any ideas out there?
Asked by: tecpub

johan_v Commented:
Hi,

Why don't you ask your customers to ask their ISP if they have an SMTP fallback? Using an SMTP fallback you can implement the solution you want. You might use Exchange for this but I think this solution will cost you a lot of money compared to a Linux/Unix solution.

Regards,
Johan

grahamnonweiler Commented:
The type of service you are hoping to offer is commonly referred to as a Gateway, where incoming (and in some cases outgoing) messages for a particular domain are received and then held / relayed / collected depending on the status of the "main server".

In your case you want to offer this service as a fail-over only alternative. However, as the service needs to be active all the time, and the MX* records for the "master" domain will need to have your fail-over gateway listed at all times, the service will effectively be in constant use.

While you could do this with Linux - there are a number of Email Server applications for Windows Server 2003/2008 that are already geared directly towards use as a Gateway - and thus would probably be an easier route for you to take - unless of course you are comfortable with Linux.

One particular provider Altn, offer a couple of solutions that would suit your needs - http://www.altn.com/Products/MDaemon-Email-Server-Windows/ - their MDaemon email server allows you to create an unlimited number of Gateways - even with their entry level license.

Once the Gateway is set up, received messages can then either be directly sent onwards to the master domain email server, or held for collection, and Exchange allows you to configure it to pull messages from a Gateway using ETRN.

With all this said, there are many professional email providers who can and do provide this type of service, depending on how many clients you have you might be better to outsource this rather than attempt to provide the service yourself, particularly if you are not familiar with running a 24/7 service.

*Note: the master domain would have 2 MX records - the higher priority going to the master domain mail server.

Simon Butler (Sembee), Consultant, Commented:
I do this myself with a standard IIS server, nothing more complex than that.
The client has a second MX record which is actually a dynamic DNS provider host name. This host points to their regular MX record IP address most of the time. In the event of a server being down for any extended period of time, then I change the dynamic DNS address to point to my server.

By using this method I only process their email when the server is actually down. This means I don't get their spam, and I can maintain recipient filtering except when they are down.

Don't fall into the trap of believing the cost of MX records makes any difference; it doesn't. Even if you have your server as a high cost MX record it will get mail and a large amount of it will be spam.

Getting the email to their server is easy enough: just configure IIS to use a smart host for their domain and set it to be their regular MX record host name. When the server comes back, restart the SMTP server service, which will force IIS to process the email.

Nothing more complex than that.

Simon.
tecpub (Author) Commented:
Thanks for the reply johan_v - my only issue is that usually in the summer in SoCal our ISP is the main reason for the outage aside from power issues. Most times ISPs are down completely and give only 4-6 hour windows. Seems kinda sketchy to leave the fail-over work in their hands. However, I did inquire and found that they do not offer that service. Unfortunately a third of my largest clients are stuck with this provider as they dominate the area and anything else coming close to 20mb/16mb would cost them 3-4 times as much.

I would like to implement it in a Windows environment as I have most of the hardware and software to make that happen already and most of my employees are certified and familiar with Windows.

grahamnonweiler - Thanks for the reply! As for the 24x7 services, I have set up many 24x7 services for small web hosting and hosted Exchange resellers. So I do somewhat understand that this won't be a set and forget kind of thing and know this will be a carefully planned out build. However, I do plan on hosting this new server in a local datacenter and as it will be running in a VM cluster, it would be somewhat running hopefully multiple services. So cost for spooling up another virtual server for this service would only require licensing from any vendor and server resources (processor, RAM and storage), correct? Provider Altn looks like just what I'm looking for, to be honest! Thanks and I'll definitely look into that.

Sembee2 - Very interesting using an IIS server - I'm guessing then that you would be running Exchange on your end as well? In the event of a down client, what's the lag time between them calling, you changing the record and mail coming to you? To me it seems like they always go down when I'm out of town or busy putting out another fire, so it would be nice to work it out to be a constantly up and running service regardless of spam. When the main server comes back, how does your server route it back?

Thanks everyone!

Simon Butler (Sembee), Consultant, Commented:
If you use a dynamic DNS service, then the change is effective within five minutes or so. That is why I use that system. Two MX records, one that doesn't change.

Don't forget that you have time to get the services up - most mail servers will continue to attempt delivery for 48 hours, so a delay of three or four hours before you get things running isn't a problem.

Clients are using Exchange, but the server I use to store their email is not - it is a plain IIS server, running Windows 2008 web edition.

The problem with having something that is constantly available is the loss of recipient filtering. You can drop 60% of email on some locations that is being sent to non-valid recipients. If you are routing email via another server that cannot do recipient filtering, then you can cause backscatter, which leads to blacklisting.
I have looked at using LDAP, but using it with multiple independent domains doesn't seem possible using any tools that I can find.
Plus if you are always able to receive email then you have got to process that email, scan it, block the spam etc. It is too late if you are allowing the client server to process it; you will just end up causing backscatter.

Simon.

grahamnonweiler Commented:
A side comment here: @Sembee2

"The problem with having something that is constantly available is the loss of recipient filtering. You can drop 60% of email on some locations that is being sent to non-valid recipients. If you are routing email via another server that cannot do recipient filtering, then you can cause backscatter, which leads to blacklisting.
I have looked at using LDAP, but using it with multiple independent domains doesn't seem possible using any tools that I can find.
Plus if you are always able to receive email then you have got to process that email, scan it, block the spam etc. It is too late if you are allowing the client server to process it; you will just end up causing backscatter."

This is the very reason that I recommended the OP look at using a product specifically geared towards handling a pro level Gateway. In respect to the Altn products, the gateways can be set up to use LDAP (as well as a number of other methods) for recipient verification, provide comprehensive antispam and antivirus protection and also handle the onward transmission of the messages when the server comes back - all without the need to change DNS settings.

In all honesty, I'm not convinced that using IIS and a plain Windows SMTP service is the right thing to be doing with "business" email, and even more so if OP is going to be charging for a fail-over service in the Enterprise market.

That's not saying it won't work - but when charging a client, and placing your reputation on the line - it might be wiser to use the correct tools for the job.
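
The recipient-filtering point made in the two posts above (refuse unknown recipients during the SMTP session instead of queueing them and bouncing later) is sketched here as an added example; it is not code from the thread or from any product mentioned in it. The domains, addresses and per-domain recipient table are constructed, and `rcpt_decision` and `simulate` are hypothetical names.

```python
# Added illustration: backup-MX gateway with and without recipient filtering.
# All domains, addresses and the recipient table below are constructed.
VALID_RECIPIENTS = {                      # one table per hosted client domain
    "client-a.example": {"alice", "bob"},
    "client-b.example": {"carol"},
}

ENVELOPES = [                             # (MAIL FROM, RCPT TO), constructed
    ("partner@supplier.example", "alice@client-a.example"),
    ("forged1@victim.example", "sales@client-a.example"),
    ("forged2@victim.example", "info@client-b.example"),
    ("friend@mail.example", "Carol@Client-B.example"),
    ("", "nobody@client-a.example"),      # null sender (a bounce message)
    ("bulk@sender.example", "someone@other.example"),
]


def rcpt_decision(rcpt, table=VALID_RECIPIENTS):
    """SMTP reply a filtering gateway gives at RCPT TO time."""
    local, _, domain = rcpt.lower().rpartition("@")
    if domain not in table:
        return 550, "5.7.1 relaying denied"
    if local not in table[domain]:
        return 550, "5.1.1 unknown recipient"
    return 250, "2.1.5 recipient ok"


def simulate(envelopes, filtering, table=VALID_RECIPIENTS):
    """Queue mail as the gateway would; list NDR targets created later."""
    queued, rejected, backscatter = 0, 0, []
    for mail_from, rcpt in envelopes:
        code, text = rcpt_decision(rcpt, table)
        not_hosted = text.startswith("5.7.1")
        if not_hosted or (filtering and code != 250):
            rejected += 1                 # refused in-session, nothing queued
            continue
        queued += 1
        # Accept-all mode: the primary server later bounces unknown
        # recipients to the envelope sender, which spam usually forges.
        if code != 250 and mail_from:     # no NDR is sent to a null sender
            backscatter.append(mail_from)
    return {"queued": queued, "rejected": rejected, "backscatter": backscatter}


if __name__ == "__main__":
    for mode in (True, False):
        print("filtering" if mode else "accept-all", simulate(ENVELOPES, mode))
```

With filtering on, only the two valid messages are queued and no bounce is ever generated; in accept-all mode the same traffic leaves two non-delivery reports addressed to forged senders.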

Simon Butler (Sembee), Consultant, Commented:
@ grahamnonweiler

If you hadn't mentioned that functionality, I wouldn't have known it was possible from looking at the Alt-N web site. There is zero reference to it in any of their production information that I can find.

I discovered this single reference in the KB:
http://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01762

The security gateway product also says that it can do it, but specifically says that the EULA forbids it being used for a commercial hosting solution, it is designed for a single organisation only.

I don't actually charge my clients for the facility. IIS SMTP has never let me down, and it is just a place to queue the email somewhere under my control until I get the server available again. The server I have does not actively take part in their day to day email flow.

Simon.

grahamnonweiler Commented:
Unfortunately, while Altn products are good their documentation leaves a lot to be desired!

I am actually referring to (and recommending) the OP uses MDaemon (Altn's mail server) as opposed to the Security Gateway - which in this case would be overkill anyway.

MDaemon includes (with the Pro Version) the ability to create Gateways. These can use LDAP etc. for verification - but until you actually install the product you don't really see all of the options available within the Gateway (an example of the poor documentation on their website, I guess).

The Gateways are able to use the Antispam and Antivirus facilities of the main mail server application, regardless of the license size chosen for the MDaemon installation. Thus their entry level 6 user MDaemon license would allow one to run multiple Gateways, for multiple domains. A "hidden" feature that for this type of usage is ideal.

As I said, I was not disputing/disagreeing with the possibility of using IIS with Windows SMTP service.