Redundant Servers and Load Balancing using MX Records

Is there a solution to this problem, other than disabling greylisting in PMG?
the only way, I see to avoid this is to provide different priority to your MX records.

abc.com IN MX 10 pmg1.abc.com abc.com IN MX 20 pmg2.abc.com abc.com IN MX 30 pmg3.abc.com

It has its own "cons", but may speedup mail delivery in your case.
 
  • Like
Reactions: Miasm1
Situation: multiple PMG servers configured in MX with equal preference:

abc.com IN MX 10 pmg1.abc.com
abc.com IN MX 10 pmg2.abc.com
abc.com IN MX 10 pmg3.abc.com

Greylisting is enabled.

Remote server tries to deliver mail for abc.com:

- connects to pmg1 - pmg1 whitelists and defers the email

- after retry interval elapses, remote server re-tries, but this time it connects to pmg2 and since this is "new", it's deferred for greylisting

- remove server retries a third time after its second retry interval expires - and this time connects to pmg3 ... and it's greylisted again.


The next time the remote server attempts the send, the attempt should succeed, since now all 3 PMG servers at abc.com should have the (senderIP, sender-email, recipient-email) triple - unless the mail retry is now so long that those entries have expired. Even if the mail gets delivered, depending on the retry intervals, the mail could by now be seriously delayed.

Is there a solution to this problem, other than disabling greylisting in PMG?

Hi,

Many greylisting solutions, use some kind of database(db files, mysql, whatever). In your case you could use some kind of shared storage(for db format) accessible by any PMG, or some kind of replication. In this case your greylisting system, will work corect, because all yours PMGs will have the same info.

Good luck / Bafta !
 
  • Like
Reactions: Miasm1
just to be clear:

i configured my exchange to forward all to proxmox.mydomain.com (smarthost).

in my windows DNS i have now the following hosts:

proxmox-first.mydomain.com 192.168.2.100
proxmox-backup.mydomain.com 192.168.2.101

and 2 mx records:

1. proxmox.mydomain.com pointing to proxmox-first.mydomain.com - priority 10
2. proxmox.mydomain.com pointing to proxmox-backup.mydomain.com - priority 10

seems working.
you can review my settings at AI Mirror Premium APK

thanks,
maria
i think you can retry the backup server and load balancing with MX records are two techniques that can help improve the reliability and performance of the website or email server. Redundant servers are servers that overlap with each other and are used to provide backup or failover in the event of a server failure. This can be achieved using load balancing techniques, such as circular DNS, where requests are distributed evenly across multiple servers. This way, if one server fails, the load balancer can redirect traffic to another server in the cluster, ensuring that the service remains available.
The MX record, on the other hand, is used to specify the mail exchange server responsible for accepting email messages on behalf of the domain. By setting up multiple MX records with different priority levels, email traffic can be distributed across multiple servers, providing redundancy and load balancing hopefully this information will be useful to other users. Friend
 
  • Like
Reactions: Miasm1
Hi, I'm not 100% sure that my post belongs to this subject, but this would be my scenario:
I'm planing to involve PMG as incoming point for 10 clients of mine , a I'm planning to host it at one ISP (as VM) . So incoming mails for 10 domains will come to this pmg-gw1 and he will forward them to my clients intrante mail servers ... and the other way around for outgoing mails.

But ... for loadbalancing/redundancy sake I would like to put another pmg-gw2 server at another ISP to do the same thing coordinated/controlled by MX records for those mail domains ... I know it will work like it works in pmg clusters in intranet , but since those two my gateways "have internet inbetween" is it some how possible to get their configurations in "sync" ? since pmg-cluster can only be setup on the same lan ...

Thank you very much in advance

BR

Tonci
 
it some how possible to get their configurations in "sync" ? since pmg-cluster can only be setup on the same lan ...
PMG cluster should work across the internet as well - PVE's cluster-stack is sensitive to latency and bandwidth - PMG's cluster-stack not so much
 
PMG cluster should work across the internet as well - PVE's cluster-stack is sensitive to latency and bandwidth - PMG's cluster-stack not so much
thanks, sounds promising ... would point-to-point port-forward be enough ? ... if yes which ports should be opened between those two PMGs ... or sit-to-site vpn is necesary ?

Thanks

BR

T
 
thanks, sounds promising ... would point-to-point port-forward be enough ? ... if yes which ports should be opened between those two PMGs ... or sit-to-site vpn is necesary ?

Thanks

BR

T
For the cluster-sync ports 22 TCP (ssh) and 8006 TCP (API) should be enough (although I have not explicitly tested this - so if you run into issues - try seeing what's missing with tcpdump or the like)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!