MScanner Disaster Recovery

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Wed Feb 2 07:56:40 GMT 2005

>-----Original Message-----
>From: MailScanner mailing list 
>[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Joe Smith
>Sent: 01 February 2005 18:21
>Subject: Re: MScanner Disaster Recovery
>On Tue, 1 Feb 2005, Stephen Swaney wrote:
>> With this configuration it's lose a gateway at 1:00 AM - fix it the next
>> morning because email will still be delivered.
>What about when the gateway that goes down also handles the POP3 accounts?
>I know about the only way to provide a secondary lookup for a POP3 server
>is via DNS somehow, and this could have way too much lag time.

It is good system and security practice to maintain separation of

Mail gateways/relays should not also be mailbox servers. These are
separate functions often run by different parts of an organisation. 

For example at this university the central computing service (ISS) is
responsible for the mail gateways of which we have 8, all with identical
software and tables and running as equal value MX hosts for our domains.

This is an easily scalable architecture and provides resilience through
redundancy. No user access is required to these relays. They act as the
SMTP "firewall" for the site. They are simple to maintain and upgrade.

Behind these the university runs many mailbox servers. Only some of
these are run by the ISS. The rest are run by departments and projects.
But _all_ mail servers must route their outgoing mail through the mail
gateways (the SMTP firewalls). As implied above _all_ incoming mail to
the site is also routed through the mail gateways (and hence through MS
+ SA + friends). 

I do acknowledge though that while it is easy to provide a resilient and
scaleable mail gateway architecture it is rather more difficult to
provide a scaleable and resilient mail server architecture. 

We have a number of stand-alone Unix-based POP & IMAP servers (and a few
remaining Novell POP servers) but the most resilient and scaleable mail
server architecture we run is that based around a cluster of Exchange
servers running with automatic failover. This is not a cheap solution

By keeping the mail relay machines separate from mail gateway machines
we are free to evaluate many different mail server architectures and
services, often running on operating systems different to that which
runs on our mail gateways. 

A useful read is the UKERNA technical guide "Designing Reliable Mail
Systems" - see

PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
"Any opinion expressed above is mine. The University can get its own." 
