[Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX

Steve Campbell campbell at cnpapers.com
Wed Jun 21 08:52:40 EDT 2006


Alan,

----- Original Message ----- 
From: "Alan Premselaar" <alien at 12inch.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Tuesday, June 20, 2006 10:45 PM
Subject: Re: [Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Steve,
>
> [snip]
>
> This type of scenario has been debated in a number of different mail
> related lists over time.  One thing you need to consider is that, it is
> perfectly reasonable for legitimate mailers to hit your secondary MX
> server even if your primary MX server is running. This could be related
> to temporary failures on your primary MX causing the sending server to
> retry your secondary MX, or it could be cached information about which
> MX server to connect to.  Because of this, you need to be really careful
> about blocking mail coming into your secondary server.
>
> [snip]

> in my setup, I have a machine that hosts multiple domains (MX1) and a
> backup MX (MX2) for those multiple domains.  not as complicated a setup
> as yours, but on a basic level I have MX2 use md_check_smtp_server
> against MX1 to validate users and reject on invalid users right off.  I
> also have duplicate spamassassin and AV software installations on each
> of the MX servers, sharing a mysql database hosted on a third machine
> (spamassassin).

This is the same as my setup, actually. I have two servers -  one that is 
primary for some domains, the other that is primary for other domains. Each 
server acts as backup MX for the domains that aren't primary MX on that 
particular server. And I do not use MD yet, or spamassassin in a MySQL 
situation.

>
> in this situation, if MX1 is offline, the mail coming into MX2 is still
> checked for viruses and run thru SA.  if it passes those phases, it's
> queued for delivery to MX1 when it becomes available.  if not, it's
> rejected as appropriate.

Same here.
>
> this ensures that legitimate connections to MX2 (even if MX1 is
> available) aren't rejected, and worst case scenario is that while MX1 is
> offline and unable to validate users, some mail for unknown users may be
> queued and sent to MX1 when it's available, and then rejected causing
> MX2 to generate a DSN.  as this happens so infrequently, I feel it's a
> reasonable compromise.
>

Same again. I would like to just use MIMEDefang to throw away invalid users, 
no matter which server they enter my system on, primary or secondary MX.

>>
> MIMEDefang is an extremely powerful tool that gives you a broad range of
> possibilities for mail filtering.  The downside is that you need to know
> at least the very basics of Perl in order for it to be configurable to
> your tastes.  (and obviously the more you know about Perl, the better
> you can tweak it to your tastes)
>
> I definitely recommend that you learn Perl, as doing so would allow you
> to easily do what you're looking to do with MIMEDefang.
>
> HTH

Yes it helps, thanks. I am reading the O'Reilly Perl CD bookshelf now, but 
that's a bunch of reading. As I become more familiar with Perl, everything 
would be in place to expand MD's usage.
>
> Alan
Steve
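
The recipient check discussed in this thread, as an added example that is not part of the original messages: a `filter_recipient` for the backup MX's mimedefang-filter that probes the primary with MIMEDefang's `md_check_against_smtp_server` and rejects only on a permanent failure, so mail is still accepted and queued while the primary is unreachable. The host names `mx1.example.com` and `mx2.example.com`, the helper `backup_mx_decision`, and the sample replies in the demo are assumptions made for illustration.

```perl
# Added example for a backup MX's mimedefang-filter; not code from the thread.
use strict;
use warnings;

my $PRIMARY_MX = 'mx1.example.com';   # assumption: primary MX for the domain
my $MY_HELO    = 'mx2.example.com';   # assumption: name this backup announces

# Hypothetical helper: map the primary's RCPT verdict to the backup's action.
# Only a definite permanent failure rejects. If the primary is down or
# tempfails, accept and queue, which is the compromise described in the thread.
sub backup_mx_decision {
    my ($status, $msg) = @_;
    return ('REJECT', $msg) if $status eq 'REJECT';
    return ('CONTINUE', 'OK');
}

# Called by MIMEDefang at RCPT TO: (mimedefang must be started with -t).
sub filter_recipient {
    my ($recip, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;
    # Returns ('CONTINUE'|'REJECT'|'TEMPFAIL', message from the probe).
    my ($status, $msg) =
        md_check_against_smtp_server($sender, $recip, $MY_HELO, $PRIMARY_MX);
    return backup_mx_decision($status, $msg);
}

# Stand-alone demo: outside MIMEDefang, stub the probe with constructed replies.
unless (defined &md_check_against_smtp_server) {
    my %constructed = (
        '<nobody@example.com>' => ['REJECT',   '550 5.1.1 User unknown'],
        '<steve@example.com>'  => ['CONTINUE', 'OK'],
        '<alan@example.com>'   => ['TEMPFAIL', 'Could not connect to primary'],
    );
    *md_check_against_smtp_server = sub { @{ $constructed{$_[1]} } };
    for my $rcpt (sort keys %constructed) {
        my ($action, $text) = filter_recipient($rcpt, '<sender@example.net>');
        print "$rcpt -> $action ($text)\n";
    }
}

1;
```

Rejecting at RCPT time on the backup means the sending server handles the failure, so the backup does not have to generate a DSN later for an address the primary refuses.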