Oct 02 2016
Double Microsoft Exchange and Mail Relay on a Remote Site
You have an Exchange server (or cluster) that communicates with the outside world through a mail relay (also called a smarthost in Microsoft terminology), usually in a DMZ. You would now like to make this infrastructure highly available, ideally in a way that also covers a disaster recovery plan. This can be achieved by duplicating the servers on a second site, site B, in case something goes wrong on site A: one relay on each site, each with its own Internet connection.
Secure Incoming Mail Traffic
I use Symantec Messaging Gateway for mail relay: it is powerful, easy to configure, and can be set up as a virtual machine. It also comes at no additional cost if you have already purchased Symantec antivirus licenses. You can of course use any other mail gateway.
Routing incoming mail is only a matter of creating DNS MX records for each mail relay and forwarding mail to the Exchange servers. External mail servers will automatically fall back to the second mail relay if they cannot reach the first.
Outgoing Traffic Failover
Routing mail to the outside is a bit more complicated.
If you add a second mail gateway to the Exchange send connector, it will load balance emails over the two relays whether they are up or not, and will not fail over. But there is a way.
Create a DNS entry for each smarthost, in their own subdomain:
SiteA: RelayA.siteA.mydomain.com
SiteB: RelayB.siteB.mydomain.com
These can of course be aliases pointing to the real hostnames.
Then create two MX records for the siteA subdomain that point to the previous entries, giving the local relay the lower number (higher priority):
siteA.mydomain.com. 3600 IN MX 5 relayA.siteA.mydomain.com.
siteA.mydomain.com. 3600 IN MX 10 relayB.siteB.mydomain.com.
Do the same for siteB if there’s also an Exchange server on the site.
All you need to do is create a send connector pointing to siteA.mydomain.com. Before resolving the hostname siteA.mydomain.com, Exchange first attempts an MX lookup, even though this is not clearly stated in the Exchange EAC.
With this flexible solution, you have loads of possible setups. You could:
– Send traffic to the local relay and fail over to the remote site
– Load balance the traffic on the 2 sites and fail over if one goes down (setting the same MX priority)
– Load balance the traffic on two local mail relays and fail over to a single remote relay (two equal high-priority MX records and a lower-priority one for the remote relay)
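The first two setups above, modelled as an added example (not from the original post and not Exchange's own code): it orders MX targets the way standard SMTP MX processing does (lowest preference first, equal preferences shuffled) and returns the first reachable relay. The BALANCED records and the reachability sets are constructed for illustration.

```python
import random
from collections import defaultdict

def parse_mx(zone_text):
    """Parse 'owner ttl IN MX pref target' lines into (pref, target) pairs."""
    records = []
    for line in zone_text.strip().splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[2].upper() != "IN" or fields[3].upper() != "MX":
            raise ValueError(f"not an MX record: {line!r}")
        # DNS names are case-insensitive, so normalise to lower case.
        records.append((int(fields[4]), fields[5].rstrip(".").lower()))
    return records

def delivery_order(records, rng=random):
    """Lowest preference first; hosts sharing a preference are shuffled,
    which is what spreads load across equal-priority relays."""
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        order.extend(group)
    return order

def pick_relay(records, reachable, rng=random):
    """Return the first relay in delivery order that is reachable, else None."""
    for host in delivery_order(records, rng):
        if host in reachable:
            return host
    return None

# Records from the post (setup 1: local relay preferred, remote as failover).
FAILOVER = parse_mx("""
siteA.mydomain.com. 3600 IN MX 5 relayA.siteA.mydomain.com.
siteA.mydomain.com. 3600 IN MX 10 relayB.siteB.mydomain.com.
""")
# Constructed variant (setup 2): same preference on both sites.
BALANCED = [(10, "relaya.sitea.mydomain.com"), (10, "relayb.siteb.mydomain.com")]

if __name__ == "__main__":
    up = {"relaya.sitea.mydomain.com", "relayb.siteb.mydomain.com"}
    print("both up:", pick_relay(FAILOVER, up))
    print("site A down:", pick_relay(FAILOVER, up - {"relaya.sitea.mydomain.com"}))
    print("balanced:", [pick_relay(BALANCED, up) for _ in range(6)])
```

The third setup is the same model with two records at the lower number and one remote record at a higher number.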
Conclusion
Everything is fully automated if a relay becomes unreachable, and new relay hosts are managed through DNS. You now have a redundant architecture with high availability.