Monday, October 29, 2012

Setting Up Linux OS based Postfix As A Backup MX

In this tutorial I will show how you can set up a Postfix mailserver as a backup mail exchanger for a domain so that it accepts mails for this domain in case the primary mail exchanger is down or unreachable, and passes the mails on to the primary MX once that one is up again.
I do not issue any guarantee that this will work for you!

1 Preliminary Note

I want to set up a backup MX for the domain In this example the primary MX for is called (IP address, so I call the backup MX (IP address
I have created MX records for that look like this:               86400   IN      MX      10               86400   IN      MX      20
It's important that the primary MX has a lower number (10) and therefore a higher priority than the backup MX (20).
I'm assuming that the Postfix on is already installed and working.

2 Configuring Postfix On

To make a backup MX for the domain, all we have to do is change/add three lines to /etc/postfix/
vi /etc/postfix/
First make sure that smtpd_recipient_restrictions contains permit_mynetworks and reject_unauth_destination, so something like this would be ok:

smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination

Then we must add to the relay_domains paramater; if there's no relay_domains paramater yet in /etc/postfix/, the following will do:

relay_domains = $mydestination,
And finally we add an empty relay_recipient_maps parameter to
relay_recipient_maps =

(That way we don't have to specify a list of valid email addresses to back up, which might be a daunting task if you have to manage hundreds of email accounts.)
There's one important thing I have to add: You must not list in the following parameters in /etc/postfix/
  • mydestination
  • virtual_alias_domains
  • virtual_mailbox_domains
That's it already. All we have to do now is restart Postfix:

/etc/init.d/postfix restart

3 Testing

To test the new backup MX, we take down the MTA (Postfix, Sendmail, Exim, etc.) on and send an email from some remote server to an account (e.g.

If you have access to the mail log on the remote (sending) server, you should now find something like this in it:
Jun 6 18:29:16 mail postfix/smtp[17746]: AF814144146: to=,[], delay=1, status=sent (250 2.0.0 Ok: queued as DCA5A1BF40F) 

As you see, the mail has been sent to instead of because is unreachable. Now, let's take a look at the mail log of

Jun 6 18:29:16 mx2 postfix/qmgr[3049]: DCA5A1BF40F: from=, size=892, nrcpt=1 (queue active)
Jun 6 18:29:16 mx2 postfix/smtpd[3051]: disconnect from mail.blabla.tld[]
Jun 6 18:29:16 mx2 postfix/smtp[3057]: connect to[]: Connection refused (port 25)
Jun 6 18:29:16 mx2 postfix/smtp[3057]: DCA5A1BF40F: to=, relay=none, delay=0.07, delays=0.03/0.02/0.01/0, dsn=4.4.1, status=deferred (connect to[]: Connection refused) has accepted the mail and tried to connect to to deliver it to the primary MX. Because the primary MX is down, cannot deliver the mail and keeps it in the mailqueue until is available again.
Now we start the MTA on again. The backup MX will not immediately deliver the queued mail, but after some minutes you should see something like this in the mail log of

Jun 6 18:56:44 mx2 postfix/qmgr[3080]: DCA5A1BF40F: from=, size=892, nrcpt=1 (queue active)
Jun 6 18:56:45 mx2 postfix/smtp[3083]: DCA5A1BF40F: to=,[]:25, delay=1648, delays=1648/0.09/0.4/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 167995B0109)

The mail has been delivered to the primary MX where you can see this in the mail log:
Jun 6 18:56:45 mx1 postfix/local[4963]: 167995B0109: to=, orig_to=, relay=local, delay=0.54, delays=0.08/0.02/0/0.43, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail -f-)

So no mails were lost while was down, and users can continue to retrieve their mails from

Thursday, October 18, 2012

Exchange 2010 Messages Stuck in Retry status in "MapiDeliveryQueue"

In case your Exchange admin life wasn't difficult enough, you can always have this problem, manifested with the following symptoms:

- Mail delivery hung
- Messages stuck in local delivery "MapiDeliveryQueue" with a status of "Retry"

Classic tactics such as restarting the server or right-clicking the queue and selecting "Retry" have no effect.

The key here is that Exchange 2007 and later treat these messages differently than standard SMTP queues. In order to process these messages, they need to be re-submitted using the following Exchange cmdlet:

Retry-Queue -Filter {Status -eq "Retry"} -Server "exchangeserver" -resubmit $true

The default re-submit queue time is 12 hours. To modify this:

1. Using Notepad, edit the file: C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.
2. Modify the following line in the section:

3. Save the file.
4. Open up the Exchange Command shell and run restart-service *rt

Tuesday, October 9, 2012

Recent Useful Commands

Check Maillog and Mail Queue (Postfix Mail Server)
 #tail  -f   /var/log/maillog

Delete a message from postfix mail queue

 #postsuper   -d  1FD3D2F8BAE <---- MailID

Flush Messages
#postfix   flush

find out about your Postfix version to make sure it supports custom bounce messages:

postconf -d | grep mail_version
maximal_queue_lifetime: The maximal time a message is queued before it is sent back as undeliverable.
delay_warning_time: The time after which the sender receives the message headers of mail that is still queued.

The postconf -n command shows the settings that are currently configured in /etc/postfix/, whereas the postconf -d command shows the default settings that are valid unless something else is set in /etc/postfix/

To find out about the current value of maximal_queue_lifetime, you can run

postconf -d | grep maximal_queue_lifetime
postconf -n | grep maximal_queue_lifetime 

If postconf -n doesn't display anything, this means the value from postconf -d is currently being used:

server2:~# postconf -d | grep maximal_queue_lifetime
maximal_queue_lifetime = 5d
server2:~# postconf -n | grep maximal_queue_lifetime

The same goes for delay_warning_time:
postconf -d | grep delay_warning_time
postconf -n | grep delay_warning_time

server2:~# postconf -d | grep delay_warning_time
delay_warning_time = 0h

server2:~# postconf -n | grep delay_warning_time

If you want to modify these settings, you can use the postconf -e command. It will write the settings to /etc/postfix/, e.g. like this:

postconf -e 'maximal_queue_lifetime = 1d'
postconf -e 'delay_warning_time = 0h'

Parameters minimal_backoff_time, maximum_backoff_time and queue_run_delay
maximal_backoff_time (default: 4000s)
The maximal time between attempts to deliver a deferred message.

This parameter should be set to a value greater than or equal to
$minimal_backoff_time. See also $queue_run_delay.
Time units: s (seconds), m (minutes), h (hours), d (days), w
(weeks). The default time unit is s (seconds).

Windows 2003 commands

Check local users & groups
#net  user
Change properties local users
#control   userpasswords2