We are trying to build a redundant mail service, and we are
investigating the use of nginx as smtp/pop3/imap proxy with TLS/SSL
support (ports 25/587, 143/993, 110/995).
We already have two production mail servers, vmail1 and vmail2, running
postfix/dovecot (with virtual users on LDAP), each running on a separate
vmail1 is the main one (i.e. the one used to send mail and host users'
mailboxes), vmail2 is only used as a backup.
Mailboxes are using Maildir format and are being synced (in near
real-time) using dovecot dsync service.
IMPORTANT: Each of the two servers has its own distinct server name and
its own separate certificate. This allows proper parallel operation of
postfix and dovecot IMAP syncing.
(I will not describe the incoming mail process, because it is beyond the
scope of this mail.)
Our goal is to allow our users to always use one address, say
*vmail.example.com*, to automatically access SMTP/POP3/IMAP services at
vmail1 and, only if vmail1 is down, at vmail2.
DNS could offer a solution: creating, for example, a CNAME
"vmail.example.com" pointing to vmail1 would probably solve the problem
by using a very low DNS record refresh time and use a script to monitor
vmail1 availability; if vmail1 is down, the script could update the
CNAME to point to vmail2 instead (and force a zone refresh). This could
leave a small downtime window (depending on the refresh time configured).
Yet, I am thinking that it may be more advantageous to use another two
*identical* VMs (one on each data center, for redundancy) running NGINX,
with the common name (and a common certificate for) vmail.example.com
(in DNS: an A record with two IP Addresses). Both proxies would
automatically redirect (via NGINX) all SMTP/POP3/IMAP requests to vmail1
and, only if vmail1 is down, to vmail2, while the user will always
see/configure vmail.example.com as their mail server.
Is this a feasible scenario? Any hints, experiences, configuration
advice, pitfalls, alternative approaches etc. would be greatly appreciated.