Hi Dave - That is the feeling that I got, that our backup mail server was actually being "used", rather than waiting quietly. At the same time, I have been unsure lately how effective it is when it really needs to be used (which hasn't been much - knock on wood).
I sort of follow what you are talking about, but I'm not quite clear on how it all works. I'm guessing the volume of your traffic / users is far more than mine, so I don't know that I would need to do anything 4 times per day. By setting up the aliases, you are only relaying mail for those aliases, and nobody else, whereas I'm still kind of an open relay. Correct?

On my primary mail server, I have one "host" (mail.ourdomain.com) configured on Imail and a bunch of virtual hosts (e.g., hisdomain.com, yourdomain.com, etc). On the backup mail server, I have one "host" (mail2.ourdomain.com) configured in Imail, and no virtual hosts.

It sounds like I may have the hosts file part set up correctly as follows (where 123.45.67.890 is the primary server):

127.0.0.1 localhost
123.45.67.890 mail.ourdomain.com
123.45.67.890 ourdomain.com
123.45.67.890 mail.hisdomain.com
123.45.67.890 hisdomain.com
123.45.67.890 mail.yourdomain.com
123.45.67.890 yourdomain.com

However, I'm still confused on the alias part. Maybe it's just the part of using the registry, versus actually going into Imail and entering a person. Also, I'm guessing you have scripts that do this for you the 4 times per day?

Todd

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Doherty
Sent: Tuesday, December 19, 2006 6:13 PM
To: [email protected]
Subject: Re: [IMail Forum] Backup Mail Server

Hi Todd-

The way you are set up, it seems you will accept all mail, including dictionary attacks, for your domains. Then your backup MX tries to send out NDRs when the primary rejects the addresses. That is very bad, as it effectively doubles the volume of the original dictionary attack and creates spam itself since dictionary attackers seldom use their own "from" addresses.

We have a backup MX that uses aliases.
Four times a day, we download the user list from the primary server's registry, convert all the users and aliases to aliases for mail.domainname.tld, and install that into the registry. We also rewrite the HOSTS file each time with entries for the IP of the primary server and mail.domainname.tld for each domain. On the primary server you need to have domain aliases for mail.domainname.tld so that it will accept the mail.

So incoming mail received at the cache addressed to, say, [EMAIL PROTECTED] is forwarded through the alias process to [EMAIL PROTECTED] and sent along to the primary server. This allows us to reject dictionary attacks with a 550 error rather than a nondelivery message.

Sandy's LDAP2Aliases script works roughly the same way, except that he uses LDAP rather than reading the registry.

-Dave Doherty
Skywaves, Inc.
97 Wenster Street
Worcester, MA 01603
508-425-7176

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
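
The alias sync described in Dave's message, sketched as an added example; it is not code from this thread, from Skywaves, or from Ipswitch. It assumes the primary's user list has already been exported into a dictionary (no registry access is shown), and the IP address, sample users and all function names are constructed for illustration.

```python
# Added illustration of the backup-MX alias approach described above.
# Assumption: the user list was already exported from the primary server.
PRIMARY_IP = "192.0.2.10"  # constructed address (documentation range)

# Constructed sample export: valid local parts per hosted domain.
PRIMARY_USERS = {
    "hisdomain.com": ["alice", "bob", "sales"],
    "yourdomain.com": ["carol"],
}

def build_aliases(users_by_domain):
    """Map each valid address to user@mail.<domain> on the primary."""
    aliases = {}
    for domain, users in users_by_domain.items():
        for user in users:
            aliases[f"{user}@{domain}".lower()] = f"{user}@mail.{domain}".lower()
    return aliases

def build_hosts(users_by_domain, primary_ip):
    """HOSTS lines pointing mail.<domain> at the primary, so forwarded
    mail goes there directly instead of following MX records."""
    lines = ["127.0.0.1 localhost"]
    for domain in sorted(users_by_domain):
        lines.append(f"{primary_ip} mail.{domain}")
    return lines

def rcpt_decision(rcpt, aliases):
    """Reply the backup MX gives at RCPT TO time: 250 plus the forward
    target for a known address, 550 for anything else."""
    target = aliases.get(rcpt.strip().lower())
    return (250, target) if target else (550, None)

def ndrs_generated(rcpts, aliases, accept_all):
    """NDRs the backup would send after the primary refuses unknown users.
    With alias checking the rejection happens in-session, so none."""
    unknown = [r for r in rcpts if r.strip().lower() not in aliases]
    return len(unknown) if accept_all else 0

if __name__ == "__main__":
    aliases = build_aliases(PRIMARY_USERS)
    print("\n".join(build_hosts(PRIMARY_USERS, PRIMARY_IP)))
    # Constructed dictionary-attack style recipient list.
    attack = ["aaron@hisdomain.com", "alice@hisdomain.com", "zed@yourdomain.com"]
    for rcpt in attack:
        print(rcpt, rcpt_decision(rcpt, aliases))
    print("NDRs if accepting everything:", ndrs_generated(attack, aliases, True))
    print("NDRs with alias checking:", ndrs_generated(attack, aliases, False))
```

Running the sync on a schedule keeps the alias list close to the primary's; an address created on the primary after the last sync is refused by the backup with a 550 until the next run.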
