On 24.09.2014, at 15:06, Nikolaos Milas <nmi...@noa.gr> wrote:

> We already have two production mail servers, vmail1 and vmail2, running 
> postfix/dovecot (with virtual users on LDAP), each running on a separate data 
> center.

Same here, called mx1 and mx2.

> vmail1 is the main one (i.e. the one used to send mail and host users' 
> mailboxes), vmail2 is only used as a backup.

Different here, see below.

> Mailboxes are using Maildir format and are being synced (in near real-time) 
> using dovecot dsync service.

Same here ...

> IMPORTANT: Each of the two servers has its own distinct server name and its 
> own separate certificate. This allows proper operation of IMAP syncing.

... with the difference that I use a dedicated IPsec tunnel between both 
servers for dsync over TCP.

> Our goal is to allow our users to always use one address, say 
> *vmail.example.com*, to automatically access SMTP/POP3/IMAP services at 
> vmail1 and, only if vmail1 is down, at vmail2.

Here, mx1 has MX 10 and mx2 has MX 90 records set in the zone file, and in 
addition mail points to both mx1 and mx2:

                IN      MX 10   mx1.example.com.
                IN      MX 90   mx2.example.com.
mx1             IN      A       1.2.3.4
mx2             IN      A       1.2.3.5 
mail            IN      A       1.2.3.4
mail            IN      A       1.2.3.5

Now, mail.example.com is the only name used by my users, and whatever server is 
chosen by that poor man's failover approach is accepting mail and sending mail 
from my users. Outgoing IMAP folders are immediately dsynced by dovecot's 
aggregator/replicator mechanism. Thus, I only have a "main" server with 
regard to MX priority, but outgoing mail is handled by any server being chosen 
by the client (works with Mail.app, both on OS X and iOS).

> Any hints, experiences, configuration advice, pitfalls, alternative 
> approaches etc. would be greatly appreciated.

That setup works like a charm, although I do have to admit that both servers 
are only used by a handful of users with < 2000 mails/day.

Just my 2 cents and regards,
Michael
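
A check that follows from the round-robin "mail" record in the message above, as an added example that is not part of the original message: clients connect to mail.example.com on either address, so each server's certificate has to list that shared name in addition to its own. The certificate name lists are constructed sample data and the function names are hypothetical.

```python
import re

# The zone fragment from the message above, embedded as sample input.
ZONE = """\
                IN      MX 10   mx1.example.com.
                IN      MX 90   mx2.example.com.
mx1             IN      A       1.2.3.4
mx2             IN      A       1.2.3.5
mail            IN      A       1.2.3.4
mail            IN      A       1.2.3.5
"""

# Constructed sample (assumption): DNS names in the certificate each address presents.
CERT_NAMES = {
    "1.2.3.4": ["mx1.example.com", "mail.example.com"],
    "1.2.3.5": ["mx2.example.com"],
}

def parse_a_records(zone, origin="example.com"):
    """Map each fully qualified owner name to its list of A record addresses."""
    records = {}
    for line in zone.splitlines():
        m = re.match(r"^(\S+)\s+IN\s+A\s+(\S+)\s*$", line)
        if m:
            records.setdefault(f"{m.group(1)}.{origin}", []).append(m.group(2))
    return records

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one leftmost label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def uncovered_backends(zone, cert_names):
    """Return (name, address) pairs where a shared name is missing from that backend's certificate."""
    gaps = []
    for name, addrs in parse_a_records(zone).items():
        if len(addrs) < 2:
            continue  # only names served by several backends matter here
        for addr in addrs:
            if not any(name_matches(p, name) for p in cert_names.get(addr, [])):
                gaps.append((name, addr))
    return gaps

if __name__ == "__main__":
    for name, addr in uncovered_backends(ZONE, CERT_NAMES):
        print(f"{addr} serves {name} but its certificate does not list it")
```
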
