[Gllug] Rejecting mail at backup MX
Alistair Mann
alistair at lgeezer.net
Tue Feb 10 11:31:30 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thus spaketh Jack Bertram on Tuesday 10 February 2004 10:34 am:
> Looking at my backup MX maillogs, I see that it spends a lot of time
> trying to deliver mail to users that don't exist. This is because it is
> configured to relay mail to my primary MX (which rejects mail to unknown
> users).
>
> What's the canonical way to prevent this? If this were a large system,
> presumably I'd be using LDAP or something similar to publish my user
> account info so that the backup MX could check against this before
> relaying. However, it's a small system and it's overkill to do this.
> Do I actually have to copy details of user accounts over to the backup
> MX box? Is there something stupid that I'm missing?
I believe so.
The purpose of the backup MX is to relay to a (hopefully temporarily)
unavailable primary. The users all exist on that primary, they do not exist
on the backup, and the backup ought to be making no attempt to process those
users 'as if' they were local. Checking for spam, rDNS etc yes; but not
processing emails that are otherwise valid.
What you are trying to do is turn your backup MX into a second primary MX.
I've once configured two primaries, one in London the other in New York; I had
the same script run at both locations to sort out accounts and so forth.
Email delivered to either machine stayed on that machine. Linux machines will
round-robin between primary MXs, but Windows machine will always go to the
'nearest' one, so I had to modify the MASQ firewall in order to randomly
assign outbound connections to the 'local' mx to the remote mx. A very
successful arrangment it was too, but it takes alot of time to administer and
would be what you face were you to run two primaries.
Your backup MX is doing its job properly; I would suggest leaving it be.
- --
Alistair
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: As seen at http://search.keyserver.net
iD8DBQFAKMESEz+/jt85AfsRAjWHAJ49N5pfhdZR4mnq3V2L1PQsjLlwBACfeOiM
wU6hUwDPgQ1mOcxnX9R9+7c=
=LU28
-----END PGP SIGNATURE-----
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list