Re: Best practive for TLS/DNS Setup for exim

[Dan Ritter <dsr@randomstring.org>]

Rainer Dorsch wrote: 
> Am Montag, 18. Mai 2020, 19:58:06 CEST schrieb Dan Ritter:
> > Rainer Dorsch wrote:
> > I think you're overcomplicating it.
> > 
> > Your domain can and should have two or more MX records, with
> > different priority levels. The MX records don't even have to
> > point to names in your domain.
> > 
> > Since you're using Let's Encrypt, certificates are free. So,
> > for each mail server, set up an A and/or AAAA record. Add those
> > to the MX records for your domain. Have LE produce certificates
> > for the mail servers under the names they have assigned.
> > 
> > Any mail sender will try each of your MX records, stopping when
> > it gets to a working entry. Some spammers will try in reverse
> > order, hoping that you don't have anti-spam measures on your
> > secondary mail server.
> > 
> 
> Just curious, if I have multiple MX records, how would you sync the incoming 
> emails (*) ? I can see with an NFS mounted home directory with Maildir 
> mailboxes that could work and dovecot could probably run on multiple hosts (or 
> at least it would be possible to switch the imap DNS entry if needed). But 
> then the NFS server is the single point of failure. Are there better ways to 
> sync the mail servers behind the MX records than NFS?

Yes. dovecot-sync is quite fast relative to most mailservers.

-dsr-