[Gllug] Rejecting mail at backup MX

Bruce Richardson itsbruce at uklinux.net
Wed Feb 11 02:01:36 UTC 2004

On Tue, Feb 10, 2004 at 06:58:48PM +0000, Jason wrote:
> On Tue, 10 Feb 2004, Bruce Richardson wrote:
> > > Come again?  If his primary is down, then his secondary will have to put
> > > incoming messages onto the retry queue.  All that changes with call
> > > forward is that this happens at a slightly earlier stage.  Am I missing
> > > something or are you?
> > 
> > Hmm.  I probably forgot to explain that with call forward, if the end
> > system is down then the messages are placed on the retry queue *and call
> > forward is retried when the end system is back up*.
> Please clarify. Does this mean that the backup MX will reply with a 
> temporary error while the primary is down or that it will accept the 
> messages to process them once the primary is down?

Either is configurable.  The Exim ACL system is very flexible and you can 
even write an ACL in such a way that it replaces one assigned ACL with
another if certain conditions apply.  I haven't finished experimenting
with all the possibilities but I've managed to achieve such behaviour
(in the event of the end system failing to respond) as waiting for X
seconds, trying to verify again and then marking that destination for
special treatment for all future messages.

My next trick will be to abuse the embedded perl interpreter to get
fetch a set of user maps in the event of a definite failure on the back
end, just to see if it can be done.  My favoured option atm is to have
the gateway box fall back to consulting an LDAP directory (just what the
OP didn't want).  The LDAP lookup isn't as good as the smtp call
forward, though, since it can only provide static data and can't really
represent the _policy_ that the end store would have applied.

I suppose I prefer to use this method because I run gateway systems that
relay mail to a range of different systems, not all running the same mta
or OS.  In that kind of scenario it's not easy to replicate policy
between different boxes.


I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K. Dick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20040211/d65b4f84/attachment.pgp>
-------------- next part --------------
Gllug mailing list  -  Gllug at gllug.org.uk

More information about the GLLUG mailing list