Virtualmin for backup mail server only

#1 Fri, 02/23/2007 - 02:27
OleKirkholt

Hello

I am thinking about using Virtualmin for my main mail and web server.

I would also like a backup mail (MX) server at a different location. Is Virtualmin overkill for that purpose?

Does anyone know of other simple web-administered backup mail server software?

best regards

Ole

Fri, 02/23/2007 - 04:21
ADobkin

For backup mail servers, I just use a basic CentOS Linux install with Webmin (not Virtualmin) to help manage the system. However, there are some important things you need to be aware of when running backup MX servers so you don't get hammered with spam. For one thing, you have to manage the list of relays allowed to use your server. You should configure the backup MX to block out as much spam and viruses as possible before it gets to your primary server. There are many solutions available for this, so I won't mention them here. You should also have a way for the backup MX to know which users and e-mail addresses are valid from the primary server, instead of just accepting all mail to your relay domains and then bouncing it back. Otherwise it generates an unbelievable amount of "postmaster notify" messages and opens you up to backscatter, joe job attacks, etc.

Virtualmin is an excellent product for web and e-mail hosting, but IMHO it is not quite there yet for dealing with some of these infrastructure issues like backup mail servers. There are many advanced things you can do with it, such as setting up LDAP to manage a single directory of accounts, which is almost essential to operate multiple servers properly. However, the default installation of Virtualmin assumes that everything is local to the system. I'm sure this will change and get easier over time, especially once the product is a bit more mature, but in the meantime you may have to do some of this work yourself.

I'm just speaking from my experience, so I'm sure that Joe or Jamie will chime in here and correct me if I'm wrong.... :-)
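The recipient-validation point in the post above, as an added example that is not part of the original thread: a backup MX that knows only its relay domains accepts mail for nonexistent users and later bounces it to forged senders, while one holding the primary's list of valid addresses rejects during the SMTP session. All addresses are constructed, the function names are hypothetical, and the `address OK` table layout assumes a Postfix-style `relay_recipient_maps` lookup (the thread does not name an MTA).

```python
# Added example; every address and domain below is constructed sample data.
RELAY_DOMAINS = {"example.com", "example.org"}
PRIMARY_MAILBOXES = ["Ole@example.com", "sales@example.com",
                     "info@example.org", "stray@example.net"]

def split_addr(addr):
    """Return (local, domain) in lower case, or None if malformed."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    return (local, domain) if sep and local and domain else None

def build_recipient_map(mailboxes, relay_domains):
    """Valid recipients exported from the primary. Entries outside the
    relay domains are dropped so a bad export cannot widen acceptance."""
    parts = filter(None, map(split_addr, mailboxes))
    return {f"{l}@{d}" for l, d in parts if d in relay_domains}

def as_postfix_table(valid):
    """Render 'address OK' lines (assumed Postfix lookup-table source)."""
    return "".join(f"{a} OK\n" for a in sorted(valid))

def rcpt_decision(rcpt, relay_domains, valid=None):
    """Typical SMTP reply code for RCPT TO on the backup MX.
    valid=None models a backup that only knows its relay domains."""
    parts = split_addr(rcpt)
    if parts is None:
        return 501                     # malformed address
    if parts[1] not in relay_domains:
        return 554                     # relay access denied
    if valid is not None and "@".join(parts) not in valid:
        return 550                     # unknown user, refused in-session
    return 250                         # queued for the primary

def backscatter(messages, relay_domains, valid, primary_valid):
    """Envelope senders that get a bounce from the backup MX because the
    primary later refuses mail the backup had already accepted."""
    return [sender for sender, rcpt in messages
            if rcpt_decision(rcpt, relay_domains, valid) == 250
            and "@".join(split_addr(rcpt)) not in primary_valid]

# Constructed inbound batch with forged envelope senders.
BATCH = [("victim1@forged.test", "aaron@example.com"),
         ("victim2@forged.test", "sales@example.com"),
         ("victim3@forged.test", "webmaster@example.org"),
         ("victim4@forged.test", "someone@elsewhere.test")]

if __name__ == "__main__":
    valid = build_recipient_map(PRIMARY_MAILBOXES, RELAY_DOMAINS)
    print(as_postfix_table(valid), end="")
    print("domain-only:", backscatter(BATCH, RELAY_DOMAINS, None, valid))
    print("validating: ", backscatter(BATCH, RELAY_DOMAINS, valid, valid))
```

With the constructed batch, the domain-only backup generates two bounces to forged senders and the validating backup generates none.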

Fri, 02/23/2007 - 04:22
ChrisBlackwell

If you use VM on your backup MX or DNS then it makes your system very simple to use and administer.

In Webmin on your primary server you add your secondary/backup servers into the Webmin Servers Index. You can then tell the Virtual Server module to add these as Backup MX servers for domains hosted on your primary.

For DNS you can use the Cluster Slave Servers feature in the Bind module and slave zones will be created on your secondary servers whenever a master zone is added on the primary.

I'm not 100% sure, but I believe you only need VM Pro on the primary, and GPL on the backups for this to work. Although personally I'd rather have Pro on all of them so that I could easily promote a backup if needed.

Fri, 02/23/2007 - 04:50
ADobkin

Okay, I forgot about the Secondary Mail Servers feature because I don't use it. My concern with it is the same issue I have with the clustering feature in general, which is stated in the help text:

Before any servers will appear, they must first be added to the Webmin Servers Index module, in which you must enter the root login and password for the remote server.

Any time a root password to another system is saved in a file, this is a big red flag. Yes, it makes things much easier from an administrative standpoint, but it also makes things very easy for potential attackers. Now, not only have they compromised one system, but they have the keys to compromise all of your systems.

I'm sure others will disagree with me on this, but this is just not a strong enough security practice for my comfort level. Don't get me wrong, I love Virtualmin and use it heavily to run my hosting services, but I believe this is one of its current limitations.

Aside from the security issue though, I don't believe the Secondary Mail Servers feature currently does most of what I suggested in my previous post. My understanding is that it just sets up the relay domains, which will get things basically working, but there is a lot more to it than that if you want to cut down on spam, bounced mail, and other problems.
