[Mimedefang] Should I try to do MIMEDefang withMailscanner forbackup MX

Steve Campbell campbell at cnpapers.com
Tue Jun 20 16:57:03 EDT 2006

----- Original Message ----- 
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, June 20, 2006 4:24 PM
Subject: Re: [Mimedefang] Should I try to do MIMEDefang withMailscanner 
forbackup MX

> Steve Campbell wrote:
>> I'm not sure how to block those emails from the secondary to the mailhub
>> and still retain functionality of the backup MX in MS/SA. MIMEDefang
>> could destroy these at the MTA level also, not MS. Blacklisting in MS is
>> not an option because it doesn't provide for a backup MX without editing
>> files.
> I don't understand your question.  Whether or not you use a secondary MX
> host is independent of MIMEDefang.  Perhaps you could give us a scenario?

Agreed, it is independent of where I run it and on how many machines.

I have two mailservers, and for the sake of simplicity, two domains. The 
mailboxes for domain1 are on server1, and the mailboxes for domain2 are on 
server2. Server2 is the backup MX for domain1, lower priority, higher 
number. Server1 is the backup MX for domain2, lower priority, higher number. 
Server1 relays to server2 for domain2. Server2 relays to server1 for 

Right now, if server1 is unavailable, server2 will queue mail for domain1 
until it is active again, and, server2 will accept mail for domain2 and 
deliver it. Same situation for domain2 if server2 is inactive.

Spammers are using the backup MXs to send mail. So domain1 spam is coming 
through server2, and being relayed to server1. MS says this is OK because it 
is relayed from my domain. SA could possible block this since it checks all 
relays and not just the last one, but it could be legitimate if server1 was 
down. So I can't put hard-wired blocks on mail to server1/domain1 from 

I would like for MD to do the milter-ahead style stuff and only accept mail 
for domain1 from server2 when server1 is inactive. Mail should be going 
through the primary MX, not the secondary. So mail for domain1 that is sent 
to server2 would have to wait until MD determines whether server1 is 
accepting mail or not and if it is for a valid user of domain1. If server1 
is accepting mail, drop the mail silently. If the user is invalid, obviously 
drop the mail.

There would have to be some means to tell whether the primary was down at 
any time, as the backup could be sending real queued mail.

Hope this makes sense. Or maybe jog some thoughts into doing it a simpler 
way. I can't really afford the milters right now as budget crunch has hit 


> Regards,
> David.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

More information about the MIMEDefang mailing list