script would check the first mx record and only if that is down, would open Port 25 on the backup server

[Bob.Dig]

First, I have no clue about scripting, for hmail or in general and I don't think you can do that with hmail scripting but I ask anyway:
Wouldn't it be nice, to have a backup email server only running, or "opened", if the first mx is actually down? I read here about spammers targeting the last servers within the mx record and such. So if a powershell(?) script would check the first mx record and only if that is down, would open Port 25 on the backup server, wouldn't that be great?

[SorenR]

https://en.wikipedia.org/wiki/Nolisting

Alternatively ...

I had a Backup MX for many years and my DNS would list priority 1 = mailserver, priority 2 = backupmx, priority 3 = mailserver.
Everything would go to priority 1
if priority 1 is down, everything go to priority 2
Spammers trying to circumvent Anti-SPAM would use priority 3 (which is also priority 1) and achieve nothing.

[Bob.Dig]

Alternatively ...

Interesting. I had hmail server running for years and had no spam at all, but I am not using it much anyway. And I like your suggestion, thank you for that, but would prefer something more clean, like actually open (and closing) ports only if needed or similar. I thought maybe someone here already does it like this?

[mattg]

You would need to run that script on the backup mx, and that would be independent of hMailserver

On Linux I would use 'monit' to do that

[SorenR]

Alternatively ...

Interesting. I had hmail server running for years and had no spam at all, but I am not using it much anyway. And I like your suggestion, thank you for that, but would prefer something more clean, like actually open (and closing) ports only if needed or similar. I thought maybe someone here already does it like this?

A Backup MX is usually OFF-SITE in case someone run a CAT over your internet cable.

[Bob.Dig]

You would need to run that script on the backup mx, and that would be independent of hMailserver

On Linux I would use 'monit' to do that

True, but my backup mx would still be a hmailserver, because reasons (I have no clue about linux).
So I would be interested in a Win-solution.

[ara]

For port testing, you can use this tool http://www.portchecktool.de.

[Bob.Dig]

For port testing, you can use this tool http://www.portchecktool.de.

No, there are easy powershell commands that can do that for you. But someone would have to create a full script to do everything what has to be done, to have a turn key solution.

[SorenR]

How would you monitor the primary server?

There is a million different ways the primary server could stop responding ...

Manipulating ports in hMailServer ...
https://www.hmailserver.com/documentati ... _tcpipport

[Bob.Dig]

Probably would to

Code: Select all

PS C:\> tnc www.shellhacks.com -p 25

But again, I have no clue about powershell scripting or scripting in general.

[SorenR]

Probably would to

Code: Select all

PS C:\> tnc www.shellhacks.com -p 443

But again, I have no clue about powershell scripting or scripting in general.

Webserver may run while mailserver is crashed ...

You would need a "heartbeat" between the two servers. Primary server would monitor internals is functioning (somehow) and "flatline" in case of problems (service stopped/crashed, computer stopped/crashed or Internet connection stopped/crashed).
Secondary server would sleep until primary server "flatline". The "heartbeat" could be as simple as a job on the primary server polling a webpage on the secondary server.
When polling webpage a timestamp is logged and when timestamp is older than 3 minutes the port on the secondary server is opened. WHEN the "heartbeat" is resumed the port on the secondary server is closed...

Easy peasy

[Bob.Dig]

Easy peasy

Sry, updated the port in post above.
I really like my idea , that the second sever is always on and the script is just scanning port 25 of the first server. Then, if it is not reachable, the script would open port 25 of the firewall of the second server. If server one comes up again, it would close port 25.
At least it sounds simple to me.

[fjansen04]

Or, use this:

http://www.junkemailfilter.com/spam/fre ... rvice.html

The backup mx checks if the first mx is up.

[Bob.Dig]

Or, use this:

Hell no. I don't want to use any third party.
My first mx is at home, the second mx is at my vps, also hmail.
At home I have a pfSense with pfBlocker, but not at my vps.
So some extra security I wouldn't mind, although I never had spam in the first place, so I am hardly know what I am talking about.

[mikedibella]

I read that you want to host a second instance of HMS on a different server than your primary HMS host, this second HMS would be listed in the DNS with an MX having a higher Priority number than your primary host. You want this backup server to be listening for connections on port 25 only when the secondary server detects that connections to the primary server cannot be made.

Monitoring software can do all of that. I use Servers Alive (https://www.woodstone.nu/salive/download.php). This software can monitor an SMTP port and alarm when the either a connection cannot be made or the protocol response to connection is incorrect. It can also trigger a command or a start a service on the local system.

The free version of Servers Alive allows for ten monitoring points, or checks. It is not time-limited.

So, using Servers Alive, create a monitor using the built-in SMTP protocol definition. Servers Alive will connect to the remote host and look for "220" to be returned, if it sees this data in the response, it will tidy up by sending a QUIT, close the connection, and mark the server as up. If it doesn't see it, it will close the connection and mark the server down.

Next, Servers Alive, based on the primary HMS server being transitioned to down, it can trigger either a start of the primary HMS server, or you can specify a command such as SC.EXE to resume the service from paused.

The only thing left to engineer is when to stop or pause the the secondary server. Presumably you would only want to do that then the queue of the secondary server is drained, so that you don't wind up sequestering undelivered messages when the primary server comes back up.

This is going to require a little more ingenuity. Servers Alive can also execute a check conditionally based on whether a parent check is up or down, so you would create a second check that is only evaluated based on the primary server being up. The second check runs a utility to determine the number of messages in queue. If the queue length is zero, the check stops or pauses the secondary HMS server.

I wrote a small utility to serve this purpose. It is posted here: https://www.hmailserver.com/forum/viewt ... 20&t=30859

[Bob.Dig]

Interesting. Thank you.

[palinka]

How would you monitor the primary server?

https://hmailserver.com/forum/viewtopic ... 01#p215301

Here's one way.