It looks like your secondary MXs are willing to accept the incoming messages without graylisting. That means they will always provide a way to bypass the graylist on your primary mail server (i.e. the secondary accepts the message, then retries delivery to the primary server until it passes the graylist). If you install spamdyke on your secondary MXs but they don't share the graylist folder, the remote server could end up trying each of them in turn and get too many rejections (one from each server) and bounce the message before it finds a server that will accept it.
In your situation, I would recommend turning off graylisting unless you can share the graylist folder. Sharing the folder the folder through NFS should work fine as long as the servers' clocks are in sync. -- Sam Clippinger Ken Schweigert wrote: > I've been running SD3.1.1 for a little over an hour and have been > watching my smtpd logs and noticed something I didn't expect to happen > with graylisting. > > I asked my wife to send me an email while I watched the logs. I saw > it connect, get the graylist message, then saw it connect to one of my > secondary MX servers and get delivered. Below are the two line from > my smtpd logs: > > 2007-11-13 13:47:12.940625500 DENIED_GRAYLISTED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 65.118.8.28 origin_rdns: > zk.ironkeep.net auth: (unknown) > > 2007-11-13 13:47:19.382061500 ALLOWED from: [EMAIL PROTECTED] to: > [EMAIL PROTECTED] origin_ip: 63.149.22.68 origin_rdns: > ns3.byte-productions.com auth: (unknown) > > I have my two secondary MX servers listed in the ip_file associated > with 'never-graylist-ip-file'. > > I'm assuming that my mailserver received the connection, sent a 'try > again later' message and then her ISP's mailserver just tried the next > server in my MX "list." > > Is there a better way to handle my config to work with secondary MXs? > Should they just be whitelisted instead of allow graylisted? > > Thanks! > -ken > > > My spamdyke.conf file: > ---------------- > log-level=2 > log-target=0 > local-domains-file=/var/qmail/control/rcpthosts > #max-recipients=15 > idle-timeout-secs=60 > graylist-dir=/home/vpopmail/graylist > graylist-min-secs=300 > graylist-max-secs=1814400 > never-graylist-ip-file=/home/vpopmail/never_graylist_these_ips > #policy-url=http://my.policy.explanation.url/ > sender-blacklist-file=/home/vpopmail/blacklist_senders > recipient-blacklist-file=/home/vpopmail/blacklist_recipients > ip-in-rdns-keyword-file=/home/vpopmail/blacklist_keywords > ip-blacklist-file=/home/vpopmail/blacklist_ip > reject-empty-rdns > reject-unresolvable-rdns > rdns-whitelist-file=/home/vpopmail/whitelist_rdns > ip-whitelist-file=/home/vpopmail/whitelist_ip > greeting-delay-secs=5 > check-dnsrbl=safe.dnsbl.sorbs.net > check-dnsrbl=combined.njabl.org > check-dnsrbl=sbl-xbl.spamhaus.org > check-dnsrbl=bogons.cymru.com > reject-missing-sender-mx > tls-certificate-file=/var/qmail/control/servercert.pem > ------------ > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
