My organization runs two SIMS servers--one is a primary mail server; the second is purely a secondary mx (located in another city). The addition of the secondary mx is relatively recent and led to an unforeseen problem.
Not unforeseen. Unless your mail server is likely to be off-line for 4 days or more you should seriously consider not running a backup mx. It is simply spammer bait.
1. Am I correct that by adding an IP address to the clients list, it becomes immune to tempbanning?
Yes.
2. Am I correct that SIMS will refuse to attempt a multihop relay even if there is a .smtp entry in the router?
Yes, I believe that is right.
However, running a secondary is far more risk than I am willing to take at this point. The only way I would do it now is if I had three (or more) mailservers.
Primary and secondary have identical configs (user accoutns, rbls, IDENTICAL) and run SA and virus scans before relaying the rest of the mail to the REAL mailserver, which is not listed in MX, for final disposition. But that's getting a bit beyond the scope of SIMS.
Also, while this isn't relevant to my configuration, how would you deal with this interaction if your backup mx didn't categorically reject multihop relays? It seems you couldn't safely put the backup mx into your clients list; instead you would have to create an "Unknown" account with a custom auto-reply. Would that be an appropriate technique?
Creating an Unknown account is never an appropriate technique. Sometimes clients want it, but I explain to them that I will not be able to do anything to stem the overwhelming flood of spam they will receive. Sometimes that convinces them to catch a clue, sometimes not.
--
At 20:43 the dome of St. Elvis Cathedral shattered... and the Devil walked the earth again. He'd never really left.
############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
