[Gllug] Rejecting mail at backup MX
Xander D Harkness
xander at harkness.co.uk
Wed Feb 11 14:08:03 UTC 2004
On Wed, 2004-02-11 at 13:41, Doug Winter wrote:
> On Wed 11 Feb Bruce Richardson wrote:
> > Oh, all right, then. Look, this is bloody irrelevant. Yes, many
> > organisations will have a single mailstore but there's absolutely no
> > reason for that machine to be one of your primary mail exchangers. In
> > fact, there are any number of good reasons for all of your mail
> > exchangers to be relays and to keep your mailstore hidden from the
> > public Internet. Here are just a couple:
>
>
> I could really have used the technique for authorising addresses that
> Exim provides the other week, because one of our domains was used in a
> joe job, and there wasn't much I could do about it - because my relays
> had no idea what real addresses were.
>
> If I could have identified real mailboxes on my inbound relays and
> rejected immediately, then I wouldn't have generated the hundreds of
> thousands of spurious bounces we eventually did. Thankfully for the
> target they were being generated by Exchange which only managed about
> one a minute.
>
It would not be too much trouble, depending upon your time available, to
query the LDAP server on Exchange to verify internal addresses. Is that
what you plan?
I say this as I went on a training course recently to implement OpenLDAP
and Kerberos integration with AD. I got it up and running quite quickly
and there are examples in the O'Reilly LDAP book on using LDAP with
Exim.
Kind regards
Xander
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
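
Added example, not part of the original message or of Exim: a sketch of the RCPT-time check discussed above, where an inbound relay asks the directory whether a recipient exists before accepting the mail, so forged-sender traffic is refused during the SMTP session rather than bounced later. The AD attribute names (mail, proxyAddresses), the reply texts, the function names and the in-memory stand-in for the LDAP server are assumptions made for illustration.

```python
# Added example: RCPT-time recipient verification on an inbound relay.
# The directory search is injected so the sketch runs offline.

# RFC 4515 escapes. The address comes from the SMTP envelope and is
# attacker-controlled, so it must never reach the filter unescaped.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def ldap_escape(value):
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def recipient_filter(address):
    """Filter matching a mailbox by primary or secondary address.
    Assumes AD-style 'mail' and 'proxyAddresses' attributes."""
    addr = ldap_escape(address.strip().lower())
    return f"(|(mail={addr})(proxyAddresses=smtp:{addr}))"

def rcpt_decision(address, search):
    """Return the SMTP reply for one RCPT TO.
    search(filter) returns True when an entry matches and raises
    OSError when the directory cannot be reached."""
    if address.count("@") != 1:
        return "550 malformed address"
    try:
        found = search(recipient_filter(address))
    except OSError:
        # Directory down: defer. Accepting would recreate the bounce
        # problem; a 5xx would lose mail for real users.
        return "451 recipient verification unavailable, try later"
    return "250 OK" if found else "550 no such mailbox"

# Constructed sample data standing in for the real directory.
MAILBOXES = {"alice@example.org", "bob@example.org"}
_KNOWN = {recipient_filter(a) for a in MAILBOXES}

def fake_search(flt):
    """Stub directory: exact match on the filters of known mailboxes."""
    return flt in _KNOWN

def directory_down(flt):
    """Stub for an unreachable LDAP server."""
    raise OSError("LDAP server unreachable")

if __name__ == "__main__":
    for rcpt in ("alice@example.org", "forged123@example.org", "*@example.org"):
        print(rcpt, "->", rcpt_decision(rcpt, fake_search))
    print("outage ->", rcpt_decision("alice@example.org", directory_down))
```

Against a real server an unescaped "*" in the local part would act as a wildcard and match every mailbox; the stub only does exact matching, so the escaping is what keeps that address from being treated as valid.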