Hello, I would appreciate your advice on the following:
We are trying to build a redundant mail service, and we are investigating the use of nginx as smtp/pop3/imap proxy with TLS/SSL support (ports 25/587, 143/993, 110/995).
We already have two production mail servers, vmail1 and vmail2, running postfix/dovecot (with virtual users on LDAP), each running on a separate data center.
vmail1 is the main one (i.e. the one used to send mail and host users' mailboxes), vmail2 is only used as a backup.
Mailboxes are using Maildir format and are being synced (in near real-time) using dovecot dsync service.
IMPORTANT: Each of the two servers has its own distinct server name and its own separate certificate. This allows proper parallel operation of postfix and dovecot IMAP syncing.
(I will not describe the incoming mail process, because it is beyond the scope of this mail.)
Our goal is to allow our users to always use one address, say *vmail.example.com*, to automatically access SMTP/POP3/IMAP services at vmail1 and, only if vmail1 is down, at vmail2.
DNS could offer a solution: creating, for example, a CNAME "vmail.example.com" pointing to vmail1 would probably solve the problem by using a very low DNS record refresh time and use a script to monitor vmail1 availability; if vmail1 is down, the script could update the CNAME to point to vmail2 instead (and force a zone refresh). This could leave a small downtime window (depending on the refresh time configured).
Yet, I am thinking that it may be more advantageous to use another two *identical* VMs (one on each data center, for redundancy) running NGINX, with the common name (and a common certificate for) vmail.example.com (in DNS: an A record with two IP Addresses). Both proxies would automatically redirect (via NGINX) all SMTP/POP3/IMAP requests to vmail1 and, only if vmail1 is down, to vmail2, while the user will always see/configure vmail.example.com as their mail server.
Is this a feasible scenario? Any hints, experiences, configuration advice, pitfalls, alternative approaches etc. would be greatly appreciated.
Please advise. Thanks in advance, Nick _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
