On Mon, Apr 06, 2020 at 11:34:02AM -0600, Grant Taylor wrote:
> On 4/6/20 6:35 AM, Ashley Dixon wrote:
> > Hello,
> 
> Hi,

Hello,

[O.T.] Unfortunately, Grant, I cannot reply to your direct e-mail. My best guess
is that you have a protection method in place in the event that the reverse
D.N.S.\ does not match the forward ? As I'm on a domestic I.P., this is out of
my control (i.e., `nslookup mail.suugaku.co.uk` returns my I.P., but `nslookup
<I.P.>` returns some obscure hostname provided by my I.S.P.).

> I encourage you to take a look at Junk Email Filter's Project Tar [1].
> 
> Aside:  JEF-PT encourages people to add a high order MX to point to JEF-PT
> in the hopes that undesirable email to your domain will hit their MX, which
> will always defer the email and never accept it.  Their hope is to attract
> as many bad actors to their system as they can, where they analyze the
> behavior of the sending system; does it follow RFCs, does it try to be a
> spam cannon, etc.  They look at the behavior, NEVER content, and build an
> RBL.  They provide this RBL for others to use if they desire.  —  I have been
> using, and recommending, JEF-PT for more than a decade.
>
> JEF-PT could function as the backup MX in a manner of speaking.  They will
> never actually accept your email.  But they will look like another email
> server to senders.  As such, well behaved senders will queue email for later
> delivery attempts.

This sounds quite enticing; I'll have a look, thanks :)

> > I also want the solution to be as minimal as possible. I see the problem
> > as three parts:
> 
> This type of thinking is how you end up with different spam / virus /
> hygiene capabilities between the primary and secondary email systems. Hence
> why many undesirables try secondary email system(s) first.  ;-)
> 
> If you're going to run a filter on your primary mail server, you should also
> run the filter on your secondary mail server(s).

I didn't mean to infer that my back-up server would be different to my primary
server, as my primary is rather minimal. And yes, good point, I suppose if
anything, I should have tougher anti-spam measures on my backup MX :)

> > (a) Convincing the D.N.S.\ and my router to redirect mail to the
> > alternate server, should the default one not be reachable;
> 
> DNS is actually trivial.  That's where multiple MX records come in to play.
> —  This is actually more on the sending system honoring what DNS publishes
> than it is on the DNS server.

This is what I was intending to do. I hadn't even considered dynamically playing
with the D.N.S., given that addresses are commonly cached for a short period to
avoid hammering name-servers (?)

> > (b) Creating the alternate mail server to be as lightweight as possible.
> > I'm not even sure if I need an S.M.T.P.\ server (postfix). Would
> > courier-imap do the trick on its own (with courier-authlib and mysql) ?
> 
> You will need an SMTP server, or other tricks ~> hacks.  Remember that
> you're receiving email from SMTP servers, so you need something that speaks
> SMTP to them.
> 
> Courier IMAP & authlib are not SMTP servers.  I sincerely doubt that they
> could be made to do what you are wanting.

Oh my goodness, I feel silly now :) I was considering just using courier to
catch the incoming mail, and then rsync it over to my primary when it comes back
on-line, but using an S.M.T.P.-forwarder certainly seems more elegant.

> Or, you can use SMTP, which you're already using, and does exactly what
> you're asking to do.

Cheers for your help and detailed explanations Grant. Not only will your
suggestions make my humble mail server operate better, but it's also great fun
to set up :)

-- 

Ashley Dixon
suugaku.co.uk

2A9A 4117
DA96 D18A
8A7B B0D2
A30E BF25
F290 A8AA
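
The reverse/forward D.N.S. mismatch guessed at near the top of this message, sketched as an added example that is not part of the original e-mail and is not Grant's actual configuration. It shows how a strict receiving server might classify a client; the addresses (documentation ranges), the I.S.P. and hosted names, and the verdict strings are all constructed assumptions.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver (live DNS)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """Addresses for name from the system resolver (live DNS)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def _norm(name):
    return name.rstrip(".").lower()

def _resolves_to(name, ip, addr_lookup):
    # Drop any IPv6 scope id before comparing addresses.
    return any(ipaddress.ip_address(a.split("%")[0]) == ip for a in addr_lookup(name))

def check_sender(ip, claimed_name, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Classify a connecting client the way a strict receiving MTA might."""
    client = ipaddress.ip_address(ip)
    ptr_names = [_norm(n) for n in ptr_lookup(ip)]
    if not ptr_names:
        return "no-ptr"
    # Forward-confirm: some PTR name must resolve back to the client address.
    confirmed = [n for n in ptr_names if _resolves_to(n, client, addr_lookup)]
    if not confirmed:
        return "ptr-not-forward-confirmed"
    # Stricter policy: the name the client announces must be a confirmed PTR name.
    if _norm(claimed_name) not in confirmed:
        return "claimed-name-differs-from-ptr"
    return "pass"

# Constructed records: documentation address ranges and made-up names.
PTR = {"192.0.2.10": ["host-10.dsl.isp.example."],   # domestic line, I.S.P.-owned PTR
       "198.51.100.7": ["mx.hosted.example."],       # PTR matches the mail name
       "203.0.113.5": ["forged.example."]}           # PTR that nothing confirms
ADDR = {"mail.suugaku.co.uk": ["192.0.2.10"],        # placeholder address, not the real one
        "host-10.dsl.isp.example": ["192.0.2.10"],
        "mx.hosted.example": ["198.51.100.7"],
        "forged.example": ["192.0.2.99"]}

def demo(ip, claimed_name):
    return check_sender(ip, claimed_name,
                        lambda i: PTR.get(i, []), lambda n: ADDR.get(_norm(n), []))
```

In the constructed domestic-line case the I.S.P.'s own name forward-confirms, so only the stricter name-match policy turns the client away.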
