MailStore Gateway Redundancy - Active-Active configuration
Overview of the options and risks
MailStore Gateway does not offer any high availability capabilities, but there are a few options to provide redundancy depending on your requirements and technical abilities.
These are unsupported, please do not contact MailStore Support with problems related to these configurations.
Consider if you need redundancy at all. A short term outage of a gateway is not an emergency and will not cause message loss. Journal reports are e-mails like any other and the sending server will queue them for re-delivery for period of time.
These are the currently available options:
Failover
- Quick, easy to understand.
- Requires manual intervention to switch between servers.
- Involves short downtimes to switch between servers.
Failover, with recovery
- Requires manual intervention to switch between servers.
- Does not require any downtime to switch between servers.
- More technical, requires an understanding of DNS.
Active-Active (this article)
- The most complex configuration, and should only be used by experienced administrators.
- Highest risk of message loss due to configuration errors.
- No downtime involved as both servers are running at all times.
- Requires additional configuration within each MailStore instance.
This article assumes a basic understanding of how to use MailStore Gateway, networking, DNS, and Microsoft 365 (or your e-mail platform)
Configuration
-
DNS
Assuming you have two MailStore Gateway servers,
192.0.2.1and192.0.2.55, create these DNS records:Name Type Record Data msgw1.mailarchiveco.example.A 192.0.2.1msgw2.mailarchiveco.example.A 192.0.2.55msgw.mailarchiveco.example.MX 10 msgw1.mailarchiveco.example.msgw.mailarchiveco.example.MX 20 msgw2.mailarchiveco.example.To be clear, this configuration has two A records, one pointing to each server, and then an MX record pointing to both servers.
In this configuration Exchange journal reports will preferentially sent to
msgw1.mailarchiveco.exampleovermsgw2.mailarchiveco.example, but you could change the MX records to have the same priority to (roughly) deliver messages equally.MX records and their ordering are not absolute. Even if you prioritize the servers as described above, you will occasionally see messages delivered to
msgw2.mailarchiveco.example. This is normal and expected behaviour. Similarly if you configure the MX records to have the same priority the servers will not receive an even 50/50 split of messages. MX records are best effort. -
Configure MailStore Gateway using a single hostname for all clients
To be clear, both servers will be configured to have the same name in the MailStore Gateway configuration, e.g.
msgw.mailarchiveco.example.This is not the same as the DNS records above. In DNS the servers are called
msgw1.mailarchiveco.exampleandmsgw2.mailarchiveco.example, but in MailStore Gateway both are configured to respond tomsgw.mailarchiveco.example. -
Backup the configuration
Once the primary server is configured, take a backup of your MailStore Gateway configuration as described in the Backup and Restore article from the documentation.
-
Keep the configuration backup up to date
Be sure to update the configuration backup whenever you make any configuration changes to the gateway. This applies to new mailboxes as well as password changes.
Warning: MailStore Gateway stores all messages encrypted at rest, relying on the mailbox password to decrypt messages. If you change a mailbox password on one server and fail to update the configuration, you will likely lose all messages that are delivered to the second server.
-
Go to the first server, configure Let’s Encrypt to
msgw1.mailarchiveco.example -
Go to the second server, configure Let’s Encrypt to
msgw2.mailarchiveco.example -
When configuring a MailStore instance to archive messages, create two archiving profiles, one for each server.
The first profile should be configured to archive server name
msgw1.mailarchiveco.example, and the second profile should be configured to archive server namemsgw2.mailarchiveco.example.Both will use the same credentials. Both will use
mbx-123@msgw.mailarchiveco.example`, and use the same password.
Failover process
There isn’t one. Microsoft 365 / Exchange will use the MX records to deliver messages to both servers, and MailStore Gateway will accept messages from both servers. Both servers will receive messages with a RCPT TO the same address. All MailStore instances pull mail from both gateways at all times.
Failover testing
Stop the service on either server, and messages will be delivered to the other server and then archived by MailStore normally. The only thing that you’ll notice is that archiving profiles accessing the stopped server will fail and any messages on the stopped server will be held in the queue until you resume operations.
Notes
-
This process is more complex and less forgiving of errors. You must create a mailbox, replicate the configuration, and only then enable journal rules.
-
You must take care to create mailboxes on one server, then replicate the configuration to the other server.
-
It is not possible to use the web interface to create the same mailbox on more than one server as you cannot assign the mailbox name, nor the password, nor the generated encryption name, you must copy the configuration files manually to reflect changes.
-
Because both servers use identical usernames and passwords, it is possible to move messages between the identically named mailboxes on the respective servers. You should not attempt to do this regularly, but in the case of a server failing catastrophically you could recover the messages from disk.
-
The Gateway servers can be located in different locations, allowing for network or geographic redundancy.