My organization runs two SIMS servers--one is a primary mail server; the second is purely a secondary mx (located in another city). The addition of the secondary mx is relatively recent and led to an unforeseen problem.
Last night, the primary mail server went down. As expected, mail for mprinc.com was instead delivered to mx2.mprinc.com. However, when mprinc.com was rebooted this morning, it started to reject mail from mx2.mprinc.com. Examination of the logs revealed that mx2.mprinc.com had been tempbanned by SIMS because of several messages addressed to persons who are no longer employed. Since all those messages were being delivered by mx2.mprinc.com, mprinc.com decided that mx2.mprinc.com was engaged in address harvesting. Until now, I had deliberately left mx2's ip address out of the client hosts range for SIMS on mprinc.com. The logic was that all mail from mx2.mprinc.com should be for local addresses or router entries on mprinc.com; therefore, mprinc.com should not relay mail from mx2.mprinc.com. The goal was to prevent multihop relays. However, in response to the problem this morning, I have added mx2.mprinc.com's ip address to mprinc.com's client hosts. Testing seems to indicate that this makes mx2.mprinc.com immune to tempbanning. Also, I have attempted to send mail through a multihop relay by addressing it to [EMAIL PROTECTED] and this was rejected by mx2 with the standard "relaying is not allowed" message. 1. Am I correct that by adding an IP address to the clients list, it becomes immune to tempbanning? 2. Am I correct that SIMS will refuse to attempt a multihop relay even if there is a .smtp entry in the router? Also, while this isn't relevant to my configuration, how would you deal with this interaction if your backup mx didn't categorically reject multihop relays? It seems you couldn't safely put the backup mx into your clients list; instead you would have to create an "Unknown" account with a custom auto-reply. Would that be an appropriate technique? Thank you. Elliot Wilen Network Administrator Postmaster MPR Associates, Inc. Berkeley, CA ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
