Building a redundant mail service

Nikolaos Milas nmilas at
Thu Sep 18 12:02:38 UTC 2014


I would appreciate your advice on the following:

We are trying to build a redundant mail service, and we are 
investigating the use of nginx as smtp/pop3/imap proxy with TLS/SSL 
support (ports 25/587, 143/993, 110/995).

We already have two production mail servers, vmail1 and vmail2, running 
postfix/dovecot (with virtual users on LDAP), each running on a separate 
data center.

vmail1 is the main one (i.e. the one used to send mail and host users' 
mailboxes), vmail2 is only used as a backup.

Mailboxes are using Maildir format and are being synced (in near 
real-time) using dovecot dsync service.

IMPORTANT: Each of the two servers has its own distinct server name and 
its own separate certificate. This allows proper parallel operation of 
postfix and dovecot IMAP syncing.

(I will not describe the incoming mail process, because it is beyond the 
scope of this mail.)

Our goal is to allow our users to always use one address, say 
**, to automatically access SMTP/POP3/IMAP services at 
vmail1 and, only if vmail1 is down, at vmail2.

DNS could offer a solution: creating, for example, a CNAME 
"" pointing to vmail1 would probably solve the problem 
by using a very low DNS record refresh time and use a script to monitor 
vmail1 availability; if vmail1 is down, the script could update the 
CNAME to point to vmail2 instead (and force a zone refresh). This could 
leave a small downtime window (depending on the refresh time configured).

Yet, I am thinking that it may be more advantageous to use another two 
*identical* VMs (one on each data center, for redundancy) running NGINX, 
with the common name (and a common certificate for) 
(in DNS: an A record with two IP Addresses). Both proxies would 
automatically redirect (via NGINX) all SMTP/POP3/IMAP requests to vmail1 
and, only if vmail1 is down, to vmail2, while the user will always 
see/configure as their mail server.

Is this a feasible scenario? Any hints, experiences, configuration 
advice, pitfalls, alternative approaches etc. would be greatly appreciated.

Please advise.

Thanks in advance,

More information about the nginx mailing list