On Wed, 5 Jul 2006, Harry Otten wrote:
I have a mail server which runs some primary domains and some secondary
domains.
Well, it's the old question: What do you need the Backup MX for?
When mail comes in for which he is the secondary mail server he should
tempfail if and only if the primary server is still running.
"mail" might have recipients from both the primary and secondary domain.
Nagios checks the primary server and puts the state in a database.
I currently made the script using the filter_end with @recipients and
accessing that database. Works nice, but I want to reject the messages
before the data block to safe bandwidth.
You can tempfail each recipients for the secondary domain, BUT:
Search the list, dfs often advices against this technique because of wrong
MTA implementations that try DATA even after all recipients has been
failed, sendmail returns a permfail then.
When you use any stream_by_* function, you'll accept the whole mail,
hence, cannot save no bandwidth.
To do so I must use the filter_recipient routine.
The filter_recipient is called after every RCPT TO.
So I need to keep track of my state. Did I see a valid e-mail address? Than
the mail may pass, whatever other recipients there may be. If no valid
e-mail address appeared the e-mail should be rejected. But how do I know if
I'm called for the last recipient?
You don't, MIMEDefang doesn't, Milter doesn't, sendmail doesn't, the
sendmail does, but doesn't tell anybody.
Hence, you are stuck with the fact that:
a) you tempfail the recipients and live the few bad MTAs, or
b) accept all the mail and precess @Recipients in filter_begin.
When all the recipients are done the sending mail server issues the DATA
instruction. At this point I want to do filtering.
Huh, you seid to NOT want to filter, but tempfail ;-)
Instead of end your email with a dot we might temp fail.
You cannot, once the DATA phase started, it MUST be finished with dot; it
will be failed afterwards.
===
If you ask me, try variant a) above or drop the Backup MX function. MTAs
will retry themselves.
BTW#2: From your description stream_by_domain() seems to fit better than
*_recipient(). But won't matter at all, if you use one of the both
variants above.
Bye,
--
Steffen Kaiser
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
