[Mimedefang] Should I try to do MIMEDefang withMailscanner forbackup MX

[David F. Skoll]

Steve Campbell wrote:

> I have two mailservers, and for the sake of simplicity, two domains. The
> mailboxes for domain1 are on server1, and the mailboxes for domain2 are
> on server2. Server2 is the backup MX for domain1, lower priority, higher
> number. Server1 is the backup MX for domain2, lower priority, higher
> number. Server1 relays to server2 for domain2. Server2 relays to server1
> for domain1.

OK; got it.

[...]

> I would like for MD to do the milter-ahead style stuff and only accept
> mail for domain1 from server2 when server1 is inactive. Mail should be
> going through the primary MX, not the secondary. So mail for domain1
> that is sent to server2 would have to wait until MD determines whether
> server1 is accepting mail or not and if it is for a valid user of
> domain1. If server1 is accepting mail, drop the mail silently. If the
> user is invalid, obviously drop the mail.

Trust me: You don't want to do that.  If you do, you will have a nightmarish
time diagnosing what's going on.  server2 might think that server1 is up,
when outside people really can't see server1.  Or server2 might think it's
down when it really is up.

Your best bet is to put the same spam-scanning rules on both servers,
and have each server periodically synchronize its list of valid
recipients to the other server.  (For example, you could store all the
valid recipients in a Berkeley DB file and do a simple hash lookup in
Perl to tell if the recipient is valid.)

That way, each server can make its filtering decisions independently, and
you don't have to rely on network connectivity or other conditions beyond
your control to make accept/reject decisions.

Regards,

David.