[Rspamd-Users] Backup MX?
tomek at kolosowscy.pl
Tue May 11 10:22:33 UTC 2021
I was thinking that perhaps I'd still try to set up a backup just for
the sake of an educational value I might get out of it, but given it'd
have to essentially be a 2-node master-master cluster and as far as I
know these should come in sizes of minimum three to work, I think I'll
just back off and abandon it entirely.
Thanks for the input, you certainly got me convinced.
W dniu 10.05.2021 o 00:53, Tim Harman via Users pisze:
> On 08/05/2021 1:29 am, Tomek Kołosowski wrote:
>> I'd like to ask about best practices revolving around setting up
>> backup MX server with rspamd. Mainly, how complex this setup should
>> I'll describe my specific use case here, though I'm sure this can be
>> generalized to a more broad use-case range. But without further due:
>> I have a personal self-hosted at home mailserver and I'm planning on
>> setting up a proper backup MX in OVH. The stack is composed of
>> postfix/dovecot/rspamd/clamav/roundcube, put together manually from
>> distribution's packages (in this case, gentoo).
>> I'm planning on setting up a backup in OVH and was wondering if simple
>> plain postfix with proper backup mx transport configuration would do,
>> or do I also have to setup rspamd there as well? As far as I noticed,
>> rspamd only checks direct sender against spam lists so I guess with
>> such simple setup those checks would effectively stop working, as most
>> email senders would try backup after noticing that primary server
>> rejected their email?
>> On the other hand, if I were to setup rspamd there, how complex the
>> deployment has to be as to not degrade protection measures? Do I have
>> to cluster/synchronize bayes/neural/other storages? Or is there a
>> simpler setup that I can get up to speed on backup MX that would not
>> degrade my spam protection?
>> Any input is highly appreciated guys :)
>> Tomasz Kołosowski
> I'm the same, a small personalal mailserver. I used to have a backup
> MX, speaking back to rspamd over a OpenVPN connection. Then after a
> discussion with a workmate one day, I turned off my backup MX.
> The reasons were because:
> a) The backup MX gets more spam attempts.
> b) Email servers these days will keep retrying if the primary MX is
> offline. Almost every mailserver out there will properly queue mail.
> c) Email is pretty short-term these days, if your mailserver was down
> for say, longer than 7 days, would it really have been worthwhile
> having your backup MX accept all that mail anyway? (Some will argue
> YES to this, which is understandable)
> My workmate made me realise the effort and bother of running a backup
> MX is basically pointless, because remote servers will enqueue mail
> they can't send. They act as a backup MX for you!
> Anyway, to answer your question assuming you do want to run a backup MX:
> It's very important the backup MX speaks to your rspamd instance.
> Otherwise things like greylisting don't work, nor proper spam
> filtering. If you don't, you'll find spammers very happily sending
> your backup MX a lot of mail which it'll happily accept. You really
> want rspamd to have a "whole" view of your email, that is all points
> in your network where mail can "get in" should be filtered by rspamd.
> Running multiple rpsmads is also possible instead of both mailservers
> speaking to a single instance but you probably want to talk back to a
> single redis instance so they have the same view of things. Otherwise
> you'll end up greylisting mail twice, or your primary mailserver won't
> learn as much spam via Bayes because a lot of spam will be send your
> backup MX which will filter it, so your primary mailserver's rspamd
> won't ever "see" it.
> Again, for a small mailserver, I think it's more trouble than it's
> worth to do properly. But if you do, you need to get the sync of the
> state correct.
More information about the Users