[HLUG] Exim 4.50 on Debian 3.1 external greet_pause?

Andrew Hodgson andrew at hodgsonfamily.org
Mon Jan 29 22:14:01 GMT 2007


Hi Mark/John,

-----Original Message-----
From: herefordshire-bounces at mailman.lug.org.uk [mailto:herefordshire-bounces at mailman.lug.org.uk] On Behalf Of Mark Broadbent
Sent: 29 January 2007 21:19
To: Herefordshire Linux Users Group.
Subject: Re: [HLUG] Exim 4.50 on Debian 3.1 external greet_pause?

>On 29/01/07, John Hedges <john at drystone.co.uk> wrote:
>> Hi Mark
>
>> > On 29/01/07, John Hedges <john at drystone.co.uk> wrote:
>> > >On Mon, Jan 29, 2007 at 04:01:44PM +0000, Mark Broadbent wrote:
>> > >> [...]
>> > >
>> > >Thanks Mark. Maybe I am less than bomb-proof. However I'm still not
>> > >convinced that the (im)probability of receiving mail from a broken
>> > >sender when your primary is down warrants maintenance of a second mail
>> > >server. Perhaps it's a bit hard line but it's better not to pander to
>> > >broken/misconfigured senders. You never know, it might prompt them to
>> > >get their servers fixed :) And as far as the warning messages are
>> > >concerned, aren't they useful to the sender?

As far as setting up a secondary MX on my own, it was my next project, as I haven't done much in a while :) - it will do DNS also with Bind, but I think I can cope with that.  I wanted to get into Exim config :).

>> > It greatly depends on your circumstances, for me, my primary is located
>> > in my house and is off most of the time so I want the backup to
>> > collect mail and hold it quietly for up to 2 weeks (like when I go on
>> > holiday).  For a business who relies on email then you have no option
>> > but to make it as easy and bombproof as possible for your customers to
>> > send you email.  But for everyone else, it won't matter.

>> > >If your secondary can deliver mail, then fine - it's obviously useful in
>> > >that you are improving availability, but just to spool seems pointless
>> > >to me.
>> >
>> > Very rarely would a secondary actually deliver mail (as I said before
>> > it would be a redundant primary if it did)

Yes, nearly all the secondaries I have seen work like this.  This includes the servers at a large council, and where I work currently (before I botched things up).  ISPs tend to have either a single MX which goes to a mail cluster of front end machines, or use several MX hosts and give them the same priority.  I think it depends on the sort of mail you receive - I wouldn't want a business to rely on just one MX, though conversely having two MX servers can also be a problem.  Our Internet was cut at work for over 2 days last year, and people were phoning in asking why they were getting mails from the Gradwell postmaster, who provide our secondary MX services.

>[...]

>> Your configuration is interesting in that you are leveraging the
>> secondary MX as a mail queue. In many ways, I prefer it to mine which is
>> a primary MX on a permanently connected VM with mailboxes and either
>> IMAP direct to that host, or fetchmail for distribution into mailboxes
>> on a lan server. Either way, I rely on some sort of polling with IMAP or
>> POP3. However, you have two sets of ACLs to keep in sync and the
>> necessity to route inbound SMTP through your firewall.

The latter is trivial surely, and there aren't really many ACLs on the secondary (I had Mailhop, costing around £15 per year, and there is nothing to configure).

>I'm not a fan of polling, it can work well for small set-ups but can
>quickly become onerous.  I'd rather have direct delivery personally (I
>was a Demon user for a good number of years and they preferred direct
>SMTP delivery over POP3 and it kind of stuck :).

Same here.

>> Why don't you make your secondary MX your primary? It would always spool
>> when it couldn't forward to your home and you'd only need one set of
>> ACLs (plus a very simple one on your home server to allow SMTP only from
>> your mail server and lan). This would give you the same functionality,
>> would make more sense primary/secondary-wise and would allow you to
>> tighten your firewall.

Actually I did this back in 2002 when I was on an ISDN connection.  In that case I used ETRN when the connection was up, because I wanted direct delivery to my domain.  In this case the MX used a configuration whereby it always sent messages to the static IP address, not to the first MX on the list, but this isn't always easy to arrange, so is worth bearing in mind.

>I buy my backup MX as a service and have no control over it (it
>doesn't have any spam/AV controls on it) so I have to implement those
>anyway on my primary and I might as well allow connections from any
>sender as I have to deal with all the email on that machine anyway.
>To be honest I am thinking in the future of having a primary sitting
>in a permanently connected VM just so I can read new email without
>having the machine turned on at home, but conversely I would keep the
>backup in case of outages (the backup MX service costs peanuts).

As I said, the main reason for ditching it here is due to the bounces which I see (I see the rejection log in Sendmail so I know what is being returned to users).  I have also kept a low spec machine on 24x7 at home for years, so it's pretty much taken as read now.

Andrew.


