[Gllug] Rejecting mail at backup MX

[Doug Winter]

On Wed 11 Feb Bruce Richardson wrote:
> Oh, all right, then.  Look, this is bloody irrelevant.  Yes, many
> organisations will have a single mailstore but there's absolutely no
> reason for that machine to be one of your primary mail exchangers.  In
> fact, there are any number of good reasons for all of your mail
> exchangers to be relays and to keep your mailstore hidden from the
> public Internet.  Here are just a couple:

It's certainly what we do.  Our internal mailstore is unfortunately
Exchange, but there's no way that can handle even a tiny amount of
inbound mail, so we have two inbound mail relays that queue and wait for
exchange to pull it's thumb out of it's arse.  They have different
priorities in MX records, but not for any reason to do with email
particularly.

I could really have used the technique for authorising addresses that
exim provides the other week, because one of our domains was used in a
joe job, and there wasn't much I could do about it - because my relays
had no idea what real addresses were.

If I could have identified real mailboxes on my inbound relays and
rejected immediately, then I wouldn't have generated the hundreds of
thousands of spurious bounces we eventually did.  Thankfully for the
target they were being generated by exchange which only managed about
one a minute.

doug.

-- 
6973E2CF: 2C95 66AD  | Get thee glass eyes,
1596 37D2 41FC 609F  |  And, like a scurvy politician, seem
76C0 A4EC 6973 E2CF  |   To see the things thou dost not.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug