Announcement

Collapse
No announcement yet.

Mx record & fail over

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mx record & fail over

    I have one MX record and all is working within my network.

    I use Trend for relaying OUTGOING and filter incoming.

    but I want to have a fail over so when my ISP goes down I want to be able to continue e-mailing.

    I've already configure my second ISP on my firewall and with Trend. So my main question is do I need a second MX record?

  • #2
    Re: Mx record & fail over

    Why would you? You're talking about the ISP going down, not the email server.

    Comment


    • #3
      Re: Mx record & fail over

      Originally posted by joeqwerty View Post
      Why would you? You're talking about the ISP going down, not the email server.
      I have a backup ISP configured on my firewall, the backup ISP has a totally different Public IP address. So when it goes down (ISP) mail goes out but I don't receive anything.

      example: I used my backup ISP and then sent e-mail to my yahoo account in the mail Q I can see the mail leave my exchange, but I never received it. I also sent an email from my yahoo account to my domain account again didn't receive it.

      Comment


      • #4
        Re: Mx record & fail over

        You will need to let Trend know about the new source if your relaying mail to them, otherwise they will drop it.
        You will also need to give Trend the IP of the backup connection as a backup/ secondary delivery location.

        Make sure your allowing smtp traffic outbound and inbound from your Exchange server on the firewall and router.
        The most important thing in life is to be yourself.

        Unless you can be Batman.
        Always be Batman.

        Comment


        • #5
          Re: Mx record & fail over

          ok folks still not clear on this one.

          I've added the second IP address to Trend for filtering (in/out)

          but shouldn't I also add the second IP address to my current mx record?

          166.xxx.xxx.xxx (preference 30)??

          Comment


          • #6
            Re: Mx record & fail over

            I don't think you need to public add the IP address.

            You currently send and receive mail using Trend as you SMTP Host for AV/ Antispam and SMTP caching if I read it right.

            If you add your piblic IP as a route for mail in, then potentially you'll receive un-cleaned mail and worse.


            Please correct me if my understanding is incorrect.

            Internet -> Email -> Trend -> your mail server
            Your mail server -> Email -> Trend -> Internet
            The most important thing in life is to be yourself.

            Unless you can be Batman.
            Always be Batman.

            Comment


            • #7
              Re: Mx record & fail over

              Originally posted by wobble_wobble View Post
              I don't think you need to public add the IP address.

              You currently send and receive mail using Trend as you SMTP Host for AV/ Antispam and SMTP caching if I read it right.

              If you add your piblic IP as a route for mail in, then potentially you'll receive un-cleaned mail and worse.


              Please correct me if my understanding is incorrect.

              Internet -> Email -> Trend -> your mail server
              Your mail server -> Email -> Trend -> Internet
              correct, but in my current MX record I have to entries Trend's Public IP and my Public IP Trend at 10 preference and 20 at with my public IP.

              I took down my first ISP (unplugged) and the second kicks in, which is what we want, but mail was never delivered while sending/receiving & no mail in my Q.
              Once I plugged my first ISP back in, boom mail gets delivered.

              Comment


              • #8
                Re: Mx record & fail over

                check the mail headers, are the delivers mails coming direct or through Trend?
                The most important thing in life is to be yourself.

                Unless you can be Batman.
                Always be Batman.

                Comment


                • #9
                  Re: Mx record & fail over

                  Originally posted by wobble_wobble View Post
                  check the mail headers, are the delivers mails coming direct or through Trend?


                  Trend:

                  15.0.995.29 via Frontend Transport; Mon, 22 Sep 2014 15:43:57 -0400
                  Received: from in13.sjc.mx.trendmicro.com (unknown [10.30.239.130])
                  by out07.sjc.mx.trendmicro.com (Postfix) with ESMTP id

                  so in theory this should work if my first ISP goes down...but when I tested the ISP fail over, I could send and I never received mail to my yahoo account. I sent from my Yahoo and also never received it. Again it was a short test only like 20 minutes.

                  Comment


                  • #10
                    Re: Mx record & fail over

                    Have you updated the Trend account to reflect the added IP address for the 2nd connection?

                    Info here on page 120 Section 5-16
                    http://docs.trendmicro.com/all/smb/h...-us/hes_ag.pdf

                    Quick summary here on page 2
                    http://docs.trendmicro.com/all/smb/h...us/hes_qsc.pdf

                    You need confirmation from Trend, that they have accepted the secondary IP, before they accept it and will check there for delivery.
                    Been a while since I played with it, and some of the versions needed you to notify them of an IP delivery change.

                    As they cache mail, I'd expect your email from Yahoo to get to Trend for delivery, so there are two things you need to investigate.

                    As I've seen it set up;
                    Trend hold you primary and only MX record, and you tell Trend who to deliver the mail to, your primary and secondary firewall IP's.
                    You then configure the firewall to only accept inbound SMTP from Trend.

                    You configure all outbound mail to use Trend as a SMTP relay, if as in your case you are using Trend to clear outbound mail as well.

                    Is this how you have it set up?
                    The most important thing in life is to be yourself.

                    Unless you can be Batman.
                    Always be Batman.

                    Comment


                    • #11
                      Re: Mx record & fail over

                      Originally posted by wobble_wobble View Post
                      Have you updated the Trend account to reflect the added IP address for the 2nd connection?

                      Info here on page 120 Section 5-16
                      http://docs.trendmicro.com/all/smb/h...-us/hes_ag.pdf

                      Quick summary here on page 2
                      http://docs.trendmicro.com/all/smb/h...us/hes_qsc.pdf

                      You need confirmation from Trend, that they have accepted the secondary IP, before they accept it and will check there for delivery.
                      Been a while since I played with it, and some of the versions needed you to notify them of an IP delivery change.

                      As they cache mail, I'd expect your email from Yahoo to get to Trend for delivery, so there are two things you need to investigate.

                      As I've seen it set up;
                      Trend hold you primary and only MX record, and you tell Trend who to deliver the mail to, your primary and secondary firewall IP's.
                      You then configure the firewall to only accept inbound SMTP from Trend.

                      You configure all outbound mail to use Trend as a SMTP relay, if as in your case you are using Trend to clear outbound mail as well.

                      Is this how you have it set up?
                      yes all is correct within Trend, their GUI is pretty simple and helpful:
                      Attached Files

                      Comment


                      • #12
                        Re: Mx record & fail over

                        Next thing is to ask Trend Support what the failover time is so.

                        Sometimes the failover could be set to 3 or more hours and you may have to iniatiate a failover to occur.

                        Are you sure your firewall is configured to allow inbound SMTP on the second ISP etc?
                        The most important thing in life is to be yourself.

                        Unless you can be Batman.
                        Always be Batman.

                        Comment


                        • #13
                          Re: Mx record & fail over

                          Originally posted by wobble_wobble View Post
                          Next thing is to ask Trend Support what the failover time is so.

                          Sometimes the failover could be set to 3 or more hours and you may have to iniatiate a failover to occur.

                          Are you sure your firewall is configured to allow inbound SMTP on the second ISP etc?
                          checked with Trend they said about 3 hours

                          Comment


                          • #14
                            Re: Mx record & fail over

                            Ok, and what about forcing a failover. Have they got that fixed yet?

                            Can you confirm that you can route mail into your other IP?

                            After that, last thing is to find out where your missing yahoo mail went.
                            The most important thing in life is to be yourself.

                            Unless you can be Batman.
                            Always be Batman.

                            Comment


                            • #15
                              Re: Mx record & fail over

                              Originally posted by wobble_wobble View Post
                              Ok, and what about forcing a failover. Have they got that fixed yet?

                              Can you confirm that you can route mail into your other IP?

                              After that, last thing is to find out where your missing yahoo mail went.
                              only way I can "confirm" is by testing it. But I can't take down the first ISP for 3 hours. I asked Trend about a quicker delivery time. No reply as of yet.

                              Comment

                              Working...
                              X