Experiments with mailserver redundancy

When I decided to test if I could successfully configure and operate my own mailserver, I knew I’d need to account for times when that server was down. Overall, my primary server has had very few disruptions, but when this website was the only service that could be impacted, I also wasn’t as concerned about 100% uptime.

Short outages likely wouldn’t be a problem since mailservers generally retry failed deliveries over a period of several hours before eventually giving up altogether. That wouldn’t help, though, if Linode suffered a prolonged outage[1] or if I so completely broke the server configuration that I’d need to rebuild from the start.

A Temporary, and Very Silly, Solution

Not certain initially that I had the time, inclination, or technical wherewithal to set up redundant mail servers, I explored hosted solutions that provide temporary mail handling while a primary server is down.

I tried two of these providers for a few months, but was ultimately quite disappointed. Configuration options were limited, and there was little reporting or other visibility into whether or not it was working. Just trusting that email would be relayed wasn’t sufficient for me. Neither was shutting down the primary server just to test these failover services. Relying on a third party for what I deemed such a crucial aspect of my infrastructure, without sufficient access to or understanding of that system, was unacceptable.

Besides dissatisfaction with the service offered, price was another dissuasion. Granted, neither of the services I used is marketed to the consumer or small-business market (no providers target those segments as far as I could find), so their pricing was, understandably, set with enterprises in mind. Given my desire at the time to eventually move all of my domains’ email to my own service, I needed a solution that would scale without also costing me a month’s salary.

After a bit of research, it became clear that with some confidence and a few inexpensive VPSs from another provider, I could handle failover myself at a fixed monthly cost, and support the configuration I needed without myriad upcharges.

Enter DigitalOcean

As noted at the outset, initially I had a single VPS with Linode. Even today, my primary server is hosted with them, though it’s grown a lot over the years. As I’ve also written about elsewhere, I host my own nameservers, another endeavor that necessitates redundancy. When, in August 2014, I decided to abandon the third-party mailserver backups, I simultaneously migrated my nameservers. If I was to invest in additional servers, I wanted to utilize them for more than just one purpose.

When considering where to host these redundant servers, cost was a considerable factor, but so was the reliability of the alternate host. Despite Linode’s presence in multiple datacenters worldwide, I decided from the start that a provider other than Linode would be used for failover. I wanted to protect against a provider-wide outage while also adding some safety in case my account with one company or the other was compromised.

Since I’d always heard that DigitalOcean is on par with, and a direct competitor to, Linode, it seemed the logical choice. It didn’t hurt that their first-tier offering was–and still is–$5/month, and provided sufficient resources for my needs. Near-universal IPv6 support was another added bonus. Having chosen my backup provider, I signed up for two machines–one in Europe and one in Asia–giving me geographic diversity too.

  1. While Linode did see a 12-day outage between December 25, 2015 and January 5, 2016, I was fortunate enough that my instance is in a datacenter that was largely spared.