On 08 Dec 14:47, Mark Rogers wrote:
Can't think of a good subject for this, sorry!
I have a customer with an ADSL line and direct delivery of email via SMTP to their external IP (into Exchange). The MX record for the domain points to one of my servers running Postfix, which basically forwards mail to their IP if it is up.
So far so good....
However, they've just suffered a BT-inflicted ADSL outage that's lasted several days and they want to have a backup for the future. They're going down the 3G backup route (using a router which falls over from ADSL to 3G), but this will give them a dynamic IP when on 3G and, more importantly, we've found out the hard way that in general 3G providers do not allow us to make incoming connections (whether on port 25 or any other).
So, my question is: what is the best solution to this?
I have come up with several options:
- Move the email to POP3 delivery, ie mail ends up in a POP3 mailbox
on my server, they collect periodically from that box. From experience this causes problems with Exchange, although I don't recall what exactly.
The Exchange pop for incoming mail handler is *terrible* - not a good way to go.
- Provide some kind of POP3/IMAP access to the Postfix mailqueue, so
in normal use mail comes via SMTP, but when they switch to 3G they can access the mailqueue (using POP3 or IMAP, and then by extension via webmail) as a temporary measure, with the mail coming in via SMTP as normal once the connection is restored. However, I have no idea if this is even possible?
It's "possible" but would involve hidden deliveries and a lot of faffing.
- Drop everything to a POP3 mailbox on the server, but configure
fetchmail to deliver it to them via SMTP if the connection is up. Sort of half-way between the two above options.
... suffers that the envelope header has gone, which might not be the same as the From/To values.
- Setup a VPN between the mail server and the exchange server, and
deliver to the VPN address. This seems like the "best" option although I have no idea whether it is practical having never tried it. I'd assume OpenVPN as the best VPN solution? I also don't know how well it would scale if I want to then do this with lots of other sites?
That'd be the way that I'd go. They've then got a "static" ip on a private network to you (and yes, I'd set the vpn up to be static for that).
If you've got windows at one end, and linux at the other, using OpenVPN is probably your best bet.
Cheers,