Alan,

----- Original Message -----
From: "Alan Premselaar" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Tuesday, June 20, 2006 10:45 PM
Subject: Re: [Mimedefang] Should I try to do MIMEDefang with Mailscanner for backup MX


Steve,

[snip]

This type of scenario has been debated in a number of different
mail-related lists over time.  One thing you need to consider is that it is
perfectly reasonable for legitimate mailers to hit your secondary MX
server even if your primary MX server is running. This could be related
to temporary failures on your primary MX causing the sending server to
retry your secondary MX, or it could be cached information about which
MX server to connect to.  Because of this, you need to be really careful
about blocking mail coming into your secondary server.

[snip]

In my setup, I have a machine that hosts multiple domains (MX1) and a
backup MX (MX2) for those multiple domains.  Not as complicated a setup
as yours, but on a basic level I have MX2 use md_check_smtp_server
against MX1 to validate users and reject on invalid users right off.  I
also have duplicate spamassassin and AV software installations on each
of the MX servers, sharing a mysql database hosted on a third machine
(spamassassin).

This is the same as my setup, actually. I have two servers - one that is primary for some domains, the other that is primary for other domains. Each server acts as backup MX for the domains that aren't primary MX on that particular server. And I do not use MD yet, or spamassassin in a MySQL situation.


In this situation, if MX1 is offline, the mail coming into MX2 is still
checked for viruses and run thru SA.  If it passes those phases, it's
queued for delivery to MX1 when it becomes available.  If not, it's
rejected as appropriate.

Same here.

This ensures that legitimate connections to MX2 (even if MX1 is
available) aren't rejected, and worst case scenario is that while MX1 is
offline and unable to validate users, some mail for unknown users may be
queued and sent to MX1 when it's available, and then rejected causing
MX2 to generate a DSN.  As this happens so infrequently, I feel it's a
reasonable compromise.


Same again. I would like to just use MIMEDefang to throw away invalid users, no matter which server they enter my system on, primary or secondary MX.


MIMEDefang is an extremely powerful tool that gives you a broad range of
possibilities for mail filtering.  The downside is that you need to know
at least the very basics of Perl in order for it to be configurable to
your tastes.  (and obviously the more you know about Perl, the better
you can tweak it to your tastes)

I definitely recommend that you learn Perl, as doing so would allow you
to easily do what you're looking to do with MIMEDefang.

HTH

Yes, it helps, thanks. I am reading the O'Reilly Perl CD bookshelf now, but that's a bunch of reading. As I become more familiar with Perl, everything would be in place to expand MD's usage.

Alan
Steve
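
The backup-MX recipient check discussed in this message, as an added example that is not code from either poster or from the MIMEDefang project: a filter_recipient fragment for mimedefang-filter built on MIMEDefang's md_check_against_smtp_server. The host names, the domain map and the variable names are constructed placeholders, and it assumes mimedefang is started with -t so that filter_recipient is called.

```perl
# Fragment for mimedefang-filter on a backup MX (added example).
# All host and domain names below are constructed placeholders.
use strict;
use warnings;

# Domains this host only backs up, mapped to the primary MX that holds
# the real user list. Domains this host is primary for are not listed.
my %PRIMARY_FOR = (
    'example.com' => 'mx1.example.com',
    'example.net' => 'mx1.example.com',
);
my $MY_HELO = 'mx2.example.com';    # name announced to the primary

# Called by MIMEDefang for every RCPT TO when mimedefang runs with -t.
sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    # Strip angle brackets and extract the lower-cased domain part.
    (my $addr = lc $recipient) =~ s/^<|>$//g;
    my ($domain) = $addr =~ /\@([^@]+)$/;
    return ('CONTINUE', 'ok') unless defined $domain;

    # Not a backed-up domain: leave the decision to the local MTA.
    my $primary = $PRIMARY_FOR{$domain};
    return ('CONTINUE', 'ok') unless defined $primary;

    # Probe the primary with MAIL FROM / RCPT TO; no message is sent.
    my ($rc, $msg) = md_check_against_smtp_server(
        $sender, $recipient, $MY_HELO, $primary);

    # Unknown user on the primary: refuse during the SMTP dialogue, so
    # this host never queues the message and never generates a DSN.
    return ('REJECT', $msg) if $rc eq 'REJECT';

    # Primary offline or deferring: accept and queue anyway. This is the
    # compromise from the thread; mail for unknown users can still slip
    # through during an outage and bounce later.
    if ($rc eq 'TEMPFAIL') {
        md_syslog('info', "rcpt check deferred by $primary for $addr: $msg");
    }
    return ('CONTINUE', 'ok');
}
```

Returning the TEMPFAIL result to the client instead would stop the bounces during an outage, at the cost of the backup MX no longer accepting mail while the primary is down.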

