Skip to main content

How to Configure a Backup MX Host

Brian Jacobs
  • Updated

Introduction

There have been some tickets where customers have been requesting information about configuring Backup MX hosts. This means that they would like to have a primary mail server, which cPanel configures by default, and a secondary server to handle mail if the primary server is down or inaccessible. This configuration will enable the secondary MX server to accept mail for a specified domain and then queue it for delivery. The secondary server should not have the domains hosted for which it is providing backup MX. 

 

Procedure

 

***Configuring a backup MX host is not recommended to customers or for anyone in general.  When Exim is configured as a secondary mail exchange server, it bypasses filters and verification. This means that it accepts all mail for delivery to the primary server. This causes backscatter, bouncebacks, and other mail traffic that Exim's filters would otherwise mitigate. Having a backup MX host also allows spammers to bypass these filters. If a spamming server is configured to send only to the secondary server, the amount of spam allowed through will greatly increase.***

 

More details about this subject matter can be found in the following articles: 

Should I make use of the Backup Mail Exchanger (aka backupmx) feature, and will it increase the amount of spam I receive?

Backup MX Email Bypasses Spam Filters

 

The first part of this configuration is to configure the MX records in DNS. Normally, cPanel will configure the primary MX record with a priority of 0:

 

example.com. IN MX 0 example.com.

 

For example, the above record shows that the mail server, for example.com, is example.com with a priority of 0, which is the highest possible. Any other MX record can be added that specifies a lower priority service with a higher number. 

 

example.com. IN MX 10 backupmx.example.com.

 

The above record configures the secondary or backup mail server with a priority number of 10. 

It is also necessary to ensure that the backup server has a valid hostname that resolves in DNS.

When the primary server is offline, remote servers will deliver mail to the secondary server. The secondary server would be an open relay for any domain except for domains that are defined in /etc/secondarymx. For this reason, you will want to add example.com to /etc/secondarymx.

 

echo "example.com" >> /etc/secondarymx

 

Then, when the primary server is online again, it will accept mail normally. This includes mail that has been queued on the secondary server. For the primary server to accept mail from the secondary server, it is necessary to add the hostname of the secondary server to /etc/backupmxhosts on the primary server.

 

echo "backupmx.example.com" >> /etc/backupmxhosts

 

This file is also modified by adding to the Backup MX Hosts in WHM at Home »Service Configuration »Exim Configuration Manager under Access Lists. 

Related articles