Fwd: Re: [Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX

Steve Campbell campbell at cnpapers.com
Fri Jun 23 06:15:18 EDT 2006

----- Forwarded message from Steve Campbell <campbell at cnpapers.com> -----
    Date: Fri, 23 Jun 2006 04:42:27 -0400
    From: Steve Campbell <campbell at cnpapers.com>
Reply-To: Steve Campbell <campbell at cnpapers.com>
 Subject: Re: [Mimedefang] Should I try to do MIMEDefang with Mailscanner
for backup MX
      To: Atanas <mimedefang at asd.aplus.net>

Quoting Atanas <mimedefang at asd.aplus.net>:

> You should have both the primary and the secondary able to operate 
> independently of each other. Having a secondary MX depending on the 
> primary in order to reject or queue something kind of defeats the 
> purpose of its existence.
> >> Why don't you just use sendmail to throw them away? As others already
> >> pointed that out, you could provision your primary access database(s) to
> >> the secondary (or make the secondary use the primary's access.db over a
> >> TCP socket) and have sendmail do the rejecting without bothering
> MIMEDefang.

I'm getting the feeling that I am not using sendmail properly with regards to
mail accounts. Right now, whenever I need a new mail account, I just create a
new user on the box. Imap and pop accounts are then available when needed. I
don't add anything to the access files for users. For now, I just use the access
files for spam, blocking IPs, and the like.

> You could deliver the primary's access database to the secondary somehow 
> (via scp/rsync, ftp, etc. like in every 5 minutes or so, or just when 
> your primary access database gets updated, e.g. when you add a new 
> mailbox) and merge both access files before building the access.db. Thus 
> the secondary MX will always have all the information needed to reject 
> mail coming to non-existing recipients for both of your domains.

My paragraph above sort of explains why this won't work, since my access file
doesn't contain much. I'll look and see what it has, though, and maybe I can do
something with it. 

> If your backup MX is unable to reject unknown recipients when the 
> primary is unreachable, it would need either to accept and queue 
> everything and then relay that to the primary, or to tempfail 
> everything. The first could result in a lot of junk and useless bounces 
> clogging the queues, the second would be equivalent to not having a 
> secondary at all.

Agreed, and the former is what it does at the present time.

I kept wondering why everyone kept saying I didn't need MD, and now I see why.
I'll have to rethink my entire access scheme. At the moment, all mailboxes for a
domain are on the primary MX. If mail goes to the backup MX, it gets relayed,
but only because I relay the entire domain to where the mailboxes are (the
primary MX for the domain).

It all used to be so simple.


> Regards,
> Atanas

This mail sent through IMP: http://horde.org/imp/

----- End forwarded message -----
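
The merge step suggested in the quoted advice above (copy the primary's access file to the secondary, merge it with the local one, then rebuild access.db), as an added example that is not part of the original thread. The function names, file names and sample entries are assumptions; the transfer itself (scp/rsync) is left out, and `makemap hash` is the only sendmail tool called.

```shell
#!/bin/sh
# Added example, not from the thread. File names and entries are assumptions.

# merge_access PRIMARY_COPY LOCAL
# Print one tab-separated access entry per key. Keys are compared in lower
# case because makemap folds keys to lower case unless -f is given.
# When both files define a key, the LOCAL entry (read last) wins.
merge_access() {
    awk '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        NF < 2         { next }            # a key with no action is unusable
        {
            key = tolower($1)
            if (!(key in rhs)) order[++n] = key
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)   # drop the key, keep the action
            lhs[key] = $1
            rhs[key] = val
        }
        END { for (i = 1; i <= n; i++) printf "%s\t%s\n", lhs[order[i]], rhs[order[i]] }
    ' "$1" "$2"
}

# rebuild_access_db PRIMARY_COPY LOCAL MAP
# Build MAP.db from the merged text and swap it in only if makemap succeeds,
# so a failed or truncated transfer never replaces the live map.
rebuild_access_db() {
    merged=$(mktemp) || return 1
    if merge_access "$1" "$2" > "$merged" && [ -s "$merged" ] &&
       makemap hash "$3.new" < "$merged"; then
        mv "$3.new.db" "$3.db"; rc=$?
    else
        rc=1
    fi
    rm -f "$merged"
    return "$rc"
}

# Constructed sample data: the primary blocks 192.0.2.10, the secondary's
# local file overrides that entry.
demo() {
    dir=$(mktemp -d) || return 1
    printf '# primary\nTo:alice@example.com\tRELAY\n192.0.2.10\tREJECT\n' > "$dir/primary"
    printf '192.0.2.10\tOK\nTo:bob@example.org\tRELAY\n' > "$dir/local"
    merge_access "$dir/primary" "$dir/local"
    rm -rf "$dir"
}
demo
```

Run from cron or after each transfer, `rebuild_access_db` would be called with the fetched copy, the local file and the map path without the `.db` suffix.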
