[Mimedefang] Should I try to do MIMEDefang withMailscanner forbackup MX
Steve Campbell
campbell at cnpapers.com
Tue Jun 20 16:57:03 EDT 2006
David,
----- Original Message -----
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, June 20, 2006 4:24 PM
Subject: Re: [Mimedefang] Should I try to do MIMEDefang withMailscanner
forbackup MX
> Steve Campbell wrote:
>
>> I'm not sure how to block those emails from the secondary to the mailhub
>> and still retain functionality of the backup MX in MS/SA. MIMEDefang
>> could destroy these at the MTA level also, not MS. Blacklisting in MS is
>> not an option because it doesn't provide for a backup MX without editing
>> files.
>
> I don't understand your question. Whether or not you use a secondary MX
> host is independent of MIMEDefang. Perhaps you could give us a scenario?
Agreed, it is independent of where I run it and on how many machines.
I have two mailservers, and for the sake of simplicity, two domains. The
mailboxes for domain1 are on server1, and the mailboxes for domain2 are on
server2. Server2 is the backup MX for domain1, lower priority, higher
number. Server1 is the backup MX for domain2, lower priority, higher number.
Server1 relays to server2 for domain2. Server2 relays to server1 for
domain1.
Right now, if server1 is unavailable, server2 will queue mail for domain1
until it is active again, and, server2 will accept mail for domain2 and
deliver it. Same situation for domain2 if server2 is inactive.
Spammers are using the backup MXs to send mail. So domain1 spam is coming
through server2, and being relayed to server1. MS says this is OK because it
is relayed from my domain. SA could possible block this since it checks all
relays and not just the last one, but it could be legitimate if server1 was
down. So I can't put hard-wired blocks on mail to server1/domain1 from
server2.
I would like for MD to do the milter-ahead style stuff and only accept mail
for domain1 from server2 when server1 is inactive. Mail should be going
through the primary MX, not the secondary. So mail for domain1 that is sent
to server2 would have to wait until MD determines whether server1 is
accepting mail or not and if it is for a valid user of domain1. If server1
is accepting mail, drop the mail silently. If the user is invalid, obviously
drop the mail.
There would have to be some means to tell whether the primary was down at
any time, as the backup could be sending real queued mail.
Hope this makes sense. Or maybe jog some thoughts into doing it a simpler
way. I can't really afford the milters right now as budget crunch has hit
here.
Thanks,
Steve
>
> Regards,
>
> David.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
>
More information about the MIMEDefang
mailing list