A server in another data center does differentials of the entire mail server every hour on the hour, and weekly fulls. Differentials are stored for 14 days and weeklies are stored for 120 days. If a customer accidentally deletes an individual message, we can probably restore it; if a customer nukes their entire mailbox, we can restore it.
> And what happens if it goes down for a few hours? Would you not get that mail?
SMTP servers by convention are supposed to retry for at least a day if the destination server is down. A few miscreants (ahem Washington Mutual...) don't retry at all though.
Worst-case scenario, I can have another mail server up and running in 20 to 30 minutes, with most of the mailboxes restored to it. Since I also admin our own name servers, and I keep a short TTL, we could update the DNS for the mail server and have most mail services back online for most customers pretty quickly.
Unfortunately, true fail-over mail services is a challenging nut to crack, especially if you want duplication between distant data centers.
I run my own mailserver too for private use. I make use of a DNS provider who also provides backup SMTP service.
Basically it adds another address as alternative for delivery for your domain. That server is configured to forward the mail to your primary server or hold it until it comes up again.
Works great, and you could even use it as a spam filtering option, since legitimate servers should only try the first server, but a lot of spammers use the second one thinking that it probably has less spamfiltering or something.
A server in another data center does differentials of the entire mail server every hour on the hour, and weekly fulls. Differentials are stored for 14 days and weeklies are stored for 120 days. If a customer accidentally deletes an individual message, we can probably restore it; if a customer nukes their entire mailbox, we can restore it.
> And what happens if it goes down for a few hours? Would you not get that mail?
SMTP servers by convention are supposed to retry for at least a day if the destination server is down. A few miscreants (ahem Washington Mutual...) don't retry at all though.
Worst-case scenario, I can have another mail server up and running in 20 to 30 minutes, with most of the mailboxes restored to it. Since I also admin our own name servers, and I keep a short TTL, we could update the DNS for the mail server and have most mail services back online for most customers pretty quickly.
Unfortunately, true fail-over mail services is a challenging nut to crack, especially if you want duplication between distant data centers.