[Gllug] Rejecting mail at backup MX

Alistair Mann alistair at lgeezer.net
Tue Feb 10 20:36:15 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thus spaketh Bruce Richardson on Tuesday 10 February 2004 5:56 pm:
> On Tue, Feb 10, 2004 at 11:31:30AM +0000, Alistair wrote:
> > The purpose of the backup MX is to relay to a (hopefully temporarily)
> > unavailable primary.
>
> No, that is not "the purpose" of the backup MX.  The purpose of the
> priority field in an MX record is to indicate to remote mail systems
> an order of preference for mail systems that they should connect to.
> Remote systems are expected to try the lower one first and then work
> upwards till they achive success.  There is absolutely nothing in the
> RFCs to say what else the mail exchangers should do.

Nor would they. 

> > The users all exist on that primary, they do not exist
> > on the backup, and the backup ought to be making no attempt to process
> > those users 'as if' they were local.
>
> Bollocks.  Show me the RFC that says this.  I'd be impressed if you
> could, because the concept of a backup MX doesn't even exist in the RFCs
> and this idea that "backups" shouldn't do X or Y is entirely arbitrary
> and made up.

Very true, entirely arbitrary and made up for the simple reason that It Works.

Mail is most easily delivered to final users from a single machine. Mail is 
most easily accepted from remote hosts when there are multiple machines. As a 
practical matter, getting mail from multiple machines onto one single machine 
is most easily accomplished by using the backups to channel legitimately 
addressed email to the primary where it can be handled appropriately.

What you seem to be suggesting is that you use backups and primaries as a 
single zone where everyone legitimate is "local". Fair enough. But as my way 
is not the only the way, neither is yours. 

> There are many organisations where the "primary" doesn't store mail
> either and where all the publicly listed mail exchangers are gateways
> that deliver the e-mail on internally.  It's a secure way to do things
> and lightens the load on individual boxes.

Admins can do whatever they like inside their own networks -- without heed to 
the RFCs. 

> > Your backup MX is doing its job properly; I would suggest leaving it be.
>
> Please tell me why one mail exchanger should not reject invalid mail
> when another one does?  

There are different senses of invalid. We agree 'backups' should be rejecting 
mail whose local domain is "hotmail.com". You and I disagree whether a user 
is local to the machine (as I believe) or local to the network (as you do).

> Why impose this arbitrary rule that does no good
> but helps spammers and virus writers?

Exactly how does it help spammers and virus writers to have thier spew deleted 
on a primary instead of a backup? It doesn't.

Doing so considerably eases administration for me, though.
- -- 
Alistair
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: As seen at http://search.keyserver.net

iD8DBQFAKUC/Ez+/jt85AfsRAka9AJ4yraaVTMhXVel0IKfOmPLAWF56GwCbB+aa
gaZhqLfZURE4hbZyqocqlZ8=
=FoZI
-----END PGP SIGNATURE-----

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list