redundancy on multi-homed hosts for outgoing mail

10/03/2008, 21h47

My server is multi-homed with two ip addresses on different
interfaces.

Is it possible to set up things so that if an outgoing network
connection fails (for example a timeout) on one interface that it
automatically retries out the other with the other source address?

Incoming mail is working on both interfaces.

I am running sendmail version 8.14.1 on freebsd 6.3.

Michael Grant

11/03/2008, 09h26

"Michael Grant" <michael.grant@gmail.com> wrote in message
news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com...
> My server is multi-homed with two ip addresses on different
> interfaces.
>
> Is it possible to set up things so that if an outgoing network
> connection fails (for example a timeout) on one interface that it
> automatically retries out the other with the other source address?
>
> Incoming mail is working on both interfaces.
>
> I am running sendmail version 8.14.1 on freebsd 6.3.

I don't believe that's a sendmail issue - but a routing table issue within
your multi-homed host.

11/03/2008, 11h29

On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote:
> "Michael Grant" <michael.gr...@gmail.com> wrote in message
>
> news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com...
>
> > My server is multi-homed with two ip addresses on different
> > interfaces.
>
> > Is it possible to set up things so that if an outgoing network
> > connection fails (for example a timeout) on one interface that it
> > automatically retries out the other with the other source address?
>
> > Incoming mail is working on both interfaces.
>
> > I am running sendmail version 8.14.1 on freebsd 6.3.
>
> I don't believe that's a sendmail issue - but a routing table issue within
> your multi-homed host.

No I disagree. I don't think this is a routing issue. I might be
using the term multi-homed incorrectly. The two interfaces have
different IP addresses on them. I cannot shove packets out one
interface with the ip address of the other. The machine is not a
router and there's no routing exchange between my machine and the
network to get those packets back to me if I do.

It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file,
but this doesn't work.

What I'm looking for is a way to tell sendmail to first try with one
source address and if that fails, try with a different one. This way,
if one network is down, mail still goes out.

Up to now, when this happens, I have been flipping things over
manually. Fortunately this doesn't occur often, though it would be
best if it were automatic.

11/03/2008, 11h49

Michael Grant <michael.grant@gmail.com> wrote:

> On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote:
>> "Michael Grant" <michael.gr...@gmail.com> wrote in message
>>
>> news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com...
>>
>> > My server is multi-homed with two ip addresses on different
>> > interfaces.
>>
>> > Is it possible to set up things so that if an outgoing network
>> > connection fails (for example a timeout) on one interface that it
>> > automatically retries out the other with the other source address?
>>
>> > Incoming mail is working on both interfaces.
>>
>> > I am running sendmail version 8.14.1 on freebsd 6.3.
>>
>> I don't believe that's a sendmail issue - but a routing table issue within
>> your multi-homed host.
>
> No I disagree. I don't think this is a routing issue. I might be
> using the term multi-homed incorrectly. The two interfaces have
> different IP addresses on them. I cannot shove packets out one
> interface with the ip address of the other. The machine is not a
> router and there's no routing exchange between my machine and the
> network to get those packets back to me if I do.
>
> It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file,
> but this doesn't work.
>
> What I'm looking for is a way to tell sendmail to first try with one
> source address and if that fails, try with a different one. This way,
> if one network is down, mail still goes out.
>
> Up to now, when this happens, I have been flipping things over
> manually. Fortunately this doesn't occur often, though it would be
> best if it were automatic.

You may consider using a monitoring script to switch between sendmail
two configurations (with different CLIENT_OPTIONS).
AFAIK other solutions would require source code changes in sendmail.cf
e.g. to handle situation in which both connections are up and running
nut only one of them has connectivity problem to *some* (but not all)
nets.

The "difference of opinions" between you two may be caused by using
different assumptions:
a) single address space with two Internet connections.
It is best handled at routing level by routers.
[It is proffered solution by medium+ ISP]
b) two *separate* address spaces - switching default route "breaks"
already established TCP connections.
[It seems to be quite common for small firms.]

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/
Isn't it nice that people who prefer Los Angeles to San Francisco live there?
-- Herb Caen

11/03/2008, 15h32

On 03/11/08 05:29, Michael Grant wrote:
> No I disagree. I don't think this is a routing issue. I might be
> using the term multi-homed incorrectly. The two interfaces have
> different IP addresses on them. I cannot shove packets out one
> interface with the ip address of the other. The machine is not a
> router and there's no routing exchange between my machine and the
> network to get those packets back to me if I do.

I don't know if it is a routing issue or not. However here are some
things to consider:
- Linux (I'm not sure what kernel you are running) will use the first
(lowest order?) IP address or network interface (I'm not sure which) to
communicate if multiple addresses are on the same subnet.
- With out modification, once the kernel chooses a route, that route
will be cached. Routes are usually chosen per destination.

If you bind (I use the term loosely) messages to the Daemon Port that
they came in on, they have to go out the same Daemon Port.

> What I'm looking for is a way to tell sendmail to first try with one
> source address and if that fails, try with a different one. This
> way, if one network is down, mail still goes out.

I don't know if Sendmail its self has this ability or not. What you may
want to consider is seeing if you can't run two instances of Sendmail in
parallel (or at least two config sets under the same daemon) with each
having its own queue(s). That way if one Sendmail is unable to connect,
it could move the message to the other Sendmail's queue and have it try
to deliver on it's next queue cycle. I'm not quite sure how to go about
doing this, but at least it sounds good to me.

IPA <-> DaemonA <->
QueueA and IPB <-> DaemonB <-> QueueB.

> Up to now, when this happens, I have been flipping things over
> manually. Fortunately this doesn't occur often, though it would be
> best if it were automatic.

Another idea would be to run two separate instances of Sendmail and have
them use each other as a FallBack MX. I *think* this will provide what
you are after.

One thing that you will have to keep in mind with either approach is how
many Received: headers it takes to trigger loop detection. Seeing as
how you will likely have more dequeuing attempts, you will probably want
to raise the loop detection. Hopefully someone else who has a better
understanding of how this works will be able to with this too.

Grant. . . .

11/03/2008, 23h43

In article
<5484e201-310e-4481-955b-8cf14aa8eb84@13g2000hsb.googlegroups.com>
Michael Grant <michael.grant@gmail.com> writes:
>On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote:
>> "Michael Grant" <michael.gr...@gmail.com> wrote in message
>>
>> news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com...
>>
>> > My server is multi-homed with two ip addresses on different
>> > interfaces.
>>
>> > Is it possible to set up things so that if an outgoing network
>> > connection fails (for example a timeout) on one interface that it
>> > automatically retries out the other with the other source address?
>>
>> > Incoming mail is working on both interfaces.
>>
>> > I am running sendmail version 8.14.1 on freebsd 6.3.
>>
>> I don't believe that's a sendmail issue - but a routing table issue within
>> your multi-homed host.
>
>No I disagree. I don't think this is a routing issue.

You may not think it's a routing issue, but the TCP/IP stack in your
kernel disagrees.:-)

> I might be
>using the term multi-homed incorrectly. The two interfaces have
>different IP addresses on them. I cannot shove packets out one
>interface with the ip address of the other. The machine is not a
>router and there's no routing exchange between my machine and the
>network to get those packets back to me if I do.
>
>It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file,
>but this doesn't work.
>
>What I'm looking for is a way to tell sendmail to first try with one
>source address and if that fails, try with a different one. This way,
>if one network is down, mail still goes out.

No and no. Your kernel's routing tables decide where the packets are
shoved out. Sendmail (or any application) can choose to bind to a
specific source address, but in a normal setup, this has no bearing on
the shoving - it is determined only by the *destination* address. Which
is why binding the source address on a multi-homed host - a term that
you used correctly - typically just causes breakage.

That being said, it *is* possible on most modern OSes to set up
"policy-based routing", where decisions based on the source address can
be a policy. How to do that on your particular OS is pretty much
off-topic here though. If/when you have done that, you can come back to
sendmail and learn that it doesn't provide the ability to bind the
source address "dynamically" for a given message. However the suggestion
to use two instances with different CLIENT_OPTIONS settings should be
workable - even using FallbackMX which could handle it automatically,
but you would need that to be one-way, or you'll get an infite loop and
immediate bounce when the destination is unreachable from either
instance.

However, wouldn't it be much simpler to use two different "smart hosts",
one on each network (I would guess that you have different ISPs for
those, so this is probably already available to you)? Then you can
specify them as

define(`SMARTHOST', `[smarthost1]:[smarthost2]')

in your .mc file. No need for fancy routing setup, no need to run two
instances, and every message will be tried with smarthost1, and if not
successful, with smarthost2, on each queue run.

--Per Hedeland
per@hedeland.org

10/03/2008, 21h47	#1
Michael Grant Messages: n/a Hébergeur:	redundancy on multi-homed hosts for outgoing mail My server is multi-homed with two ip addresses on different interfaces. Is it possible to set up things so that if an outgoing network connection fails (for example a timeout) on one interface that it automatically retries out the other with the other source address? Incoming mail is working on both interfaces. I am running sendmail version 8.14.1 on freebsd 6.3. Michael Grant

11/03/2008, 09h26	#2
D. Stussy Messages: n/a Hébergeur:	Re: redundancy on multi-homed hosts for outgoing mail "Michael Grant" <michael.grant@gmail.com> wrote in message news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com... > My server is multi-homed with two ip addresses on different > interfaces. > > Is it possible to set up things so that if an outgoing network > connection fails (for example a timeout) on one interface that it > automatically retries out the other with the other source address? > > Incoming mail is working on both interfaces. > > I am running sendmail version 8.14.1 on freebsd 6.3. I don't believe that's a sendmail issue - but a routing table issue within your multi-homed host.

11/03/2008, 11h29	#3
Michael Grant Messages: n/a Hébergeur:	Re: redundancy on multi-homed hosts for outgoing mail On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote: > "Michael Grant" <michael.gr...@gmail.com> wrote in message > > news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com... > > > My server is multi-homed with two ip addresses on different > > interfaces. > > > Is it possible to set up things so that if an outgoing network > > connection fails (for example a timeout) on one interface that it > > automatically retries out the other with the other source address? > > > Incoming mail is working on both interfaces. > > > I am running sendmail version 8.14.1 on freebsd 6.3. > > I don't believe that's a sendmail issue - but a routing table issue within > your multi-homed host. No I disagree. I don't think this is a routing issue. I might be using the term multi-homed incorrectly. The two interfaces have different IP addresses on them. I cannot shove packets out one interface with the ip address of the other. The machine is not a router and there's no routing exchange between my machine and the network to get those packets back to me if I do. It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file, but this doesn't work. What I'm looking for is a way to tell sendmail to first try with one source address and if that fails, try with a different one. This way, if one network is down, mail still goes out. Up to now, when this happens, I have been flipping things over manually. Fortunately this doesn't occur often, though it would be best if it were automatic.

11/03/2008, 11h49	#4
Andrzej Adam Filip Messages: n/a Hébergeur:	Re: redundancy on multi-homed hosts for outgoing mail Michael Grant <michael.grant@gmail.com> wrote: > On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote: >> "Michael Grant" <michael.gr...@gmail.com> wrote in message >> >> news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com... >> >> > My server is multi-homed with two ip addresses on different >> > interfaces. >> >> > Is it possible to set up things so that if an outgoing network >> > connection fails (for example a timeout) on one interface that it >> > automatically retries out the other with the other source address? >> >> > Incoming mail is working on both interfaces. >> >> > I am running sendmail version 8.14.1 on freebsd 6.3. >> >> I don't believe that's a sendmail issue - but a routing table issue within >> your multi-homed host. > > No I disagree. I don't think this is a routing issue. I might be > using the term multi-homed incorrectly. The two interfaces have > different IP addresses on them. I cannot shove packets out one > interface with the ip address of the other. The machine is not a > router and there's no routing exchange between my machine and the > network to get those packets back to me if I do. > > It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file, > but this doesn't work. > > What I'm looking for is a way to tell sendmail to first try with one > source address and if that fails, try with a different one. This way, > if one network is down, mail still goes out. > > Up to now, when this happens, I have been flipping things over > manually. Fortunately this doesn't occur often, though it would be > best if it were automatic. You may consider using a monitoring script to switch between sendmail two configurations (with different CLIENT_OPTIONS). AFAIK other solutions would require source code changes in sendmail.cf e.g. to handle situation in which both connections are up and running nut only one of them has connectivity problem to some (but not all) nets. The "difference of opinions" between you two may be caused by using different assumptions: a) single address space with two Internet connections. It is best handled at routing level by routers. [It is proffered solution by medium+ ISP] b) two separate address spaces - switching default route "breaks" already established TCP connections. [It seems to be quite common for small firms.] -- [pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl Open-Sendmail: http://open-sendmail.sourceforge.net/ Isn't it nice that people who prefer Los Angeles to San Francisco live there? -- Herb Caen

11/03/2008, 15h32	#5
Grant Taylor Messages: n/a Hébergeur:	Re: redundancy on multi-homed hosts for outgoing mail On 03/11/08 05:29, Michael Grant wrote: > No I disagree. I don't think this is a routing issue. I might be > using the term multi-homed incorrectly. The two interfaces have > different IP addresses on them. I cannot shove packets out one > interface with the ip address of the other. The machine is not a > router and there's no routing exchange between my machine and the > network to get those packets back to me if I do. I don't know if it is a routing issue or not. However here are some things to consider: - Linux (I'm not sure what kernel you are running) will use the first (lowest order?) IP address or network interface (I'm not sure which) to communicate if multiple addresses are on the same subnet. - With out modification, once the kernel chooses a route, that route will be cached. Routes are usually chosen per destination. If you bind (I use the term loosely) messages to the Daemon Port that they came in on, they have to go out the same Daemon Port. > What I'm looking for is a way to tell sendmail to first try with one > source address and if that fails, try with a different one. This > way, if one network is down, mail still goes out. I don't know if Sendmail its self has this ability or not. What you may want to consider is seeing if you can't run two instances of Sendmail in parallel (or at least two config sets under the same daemon) with each having its own queue(s). That way if one Sendmail is unable to connect, it could move the message to the other Sendmail's queue and have it try to deliver on it's next queue cycle. I'm not quite sure how to go about doing this, but at least it sounds good to me. IPA <-> DaemonA <-> QueueA and IPB <-> DaemonB <-> QueueB. > Up to now, when this happens, I have been flipping things over > manually. Fortunately this doesn't occur often, though it would be > best if it were automatic. Another idea would be to run two separate instances of Sendmail and have them use each other as a FallBack MX. I think this will provide what you are after. One thing that you will have to keep in mind with either approach is how many Received: headers it takes to trigger loop detection. Seeing as how you will likely have more dequeuing attempts, you will probably want to raise the loop detection. Hopefully someone else who has a better understanding of how this works will be able to with this too. Grant. . . .

11/03/2008, 23h43	#6
Per Hedeland Messages: n/a Hébergeur:	Re: redundancy on multi-homed hosts for outgoing mail In article <5484e201-310e-4481-955b-8cf14aa8eb84@13g2000hsb.googlegroups.com> Michael Grant <michael.grant@gmail.com> writes: >On Mar 11, 9:26 am, "D. Stussy" <s...@bde-arc.ampr.org> wrote: >> "Michael Grant" <michael.gr...@gmail.com> wrote in message >> >> news:0d6c72d8-8bbb-49f9-8489-fe109e9b16e4@e60g2000hsh.googlegroups.com... >> >> > My server is multi-homed with two ip addresses on different >> > interfaces. >> >> > Is it possible to set up things so that if an outgoing network >> > connection fails (for example a timeout) on one interface that it >> > automatically retries out the other with the other source address? >> >> > Incoming mail is working on both interfaces. >> >> > I am running sendmail version 8.14.1 on freebsd 6.3. >> >> I don't believe that's a sendmail issue - but a routing table issue within >> your multi-homed host. > >No I disagree. I don't think this is a routing issue. You may not think it's a routing issue, but the TCP/IP stack in your kernel disagrees.:-) > I might be >using the term multi-homed incorrectly. The two interfaces have >different IP addresses on them. I cannot shove packets out one >interface with the ip address of the other. The machine is not a >router and there's no routing exchange between my machine and the >network to get those packets back to me if I do. > >It's as if I need to specify multiple CLIENT_OPTIONS in my .mc file, >but this doesn't work. > >What I'm looking for is a way to tell sendmail to first try with one >source address and if that fails, try with a different one. This way, >if one network is down, mail still goes out. No and no. Your kernel's routing tables decide where the packets are shoved out. Sendmail (or any application) can choose to bind to a specific source address, but in a normal setup, this has no bearing on the shoving - it is determined only by the destination address. Which is why binding the source address on a multi-homed host - a term that you used correctly - typically just causes breakage. That being said, it is possible on most modern OSes to set up "policy-based routing", where decisions based on the source address can be a policy. How to do that on your particular OS is pretty much off-topic here though. If/when you have done that, you can come back to sendmail and learn that it doesn't provide the ability to bind the source address "dynamically" for a given message. However the suggestion to use two instances with different CLIENT_OPTIONS settings should be workable - even using FallbackMX which could handle it automatically, but you would need that to be one-way, or you'll get an infite loop and immediate bounce when the destination is unreachable from either instance. However, wouldn't it be much simpler to use two different "smart hosts", one on each network (I would guess that you have different ISPs for those, so this is probably already available to you)? Then you can specify them as define(`SMARTHOST', `[smarthost1]:[smarthost2]') in your .mc file. No need for fancy routing setup, no need to run two instances, and every message will be tried with smarthost1, and if not successful, with smarthost2, on each queue run. --Per Hedeland per@hedeland.org

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email