[HLUG] Exim 4.50 on Debian 3.1 external greet_pause?

John Hedges john at drystone.co.uk
Tue Jan 30 09:16:49 GMT 2007


Hi Mark

[snip]
> >Your configuration is interesting in that you are leveraging the
> >secondary MX as a mail queue. In many ways, I prefer it to mine which is
> >a primary MX on a permanently connected VM with mailboxes and either
> >IMAP direct to that host, or fetchmail for distribution into mailboxes
> >on a LAN server. Either way, I rely on some sort of polling with IMAP or
> >POP3. However, you have two sets of ACLs to keep in sync and the
> >necessity to route inbound SMTP through your firewall.
> 
> I'm not a fan of polling, it can work well for small set-ups but can
> quickly become onerous.  I'd rather have direct delivery personally (I
> was a Demon user for a good number of years and they preferred direct
> SMTP delivery over POP3 and it kind of stuck :).
 
Agreed, polling isn't ideal. It's similarly historic, left over from the
days of numerous POP accounts.

> BTW what ACLs would have to be kept in sync?

Most importantly, usernames, so you don't queue mail for non-existent
users. Also Clam, SA, white/grey/blacklists, RBLs - anything your
primary might use to reject at SMTP time so you aren't in the situation
where you need to send delivery failure notices to forged spammer
addresses in your queued mail.

> >Why don't you make your secondary MX your primary? It would always spool
> >when it couldn't forward to your home and you'd only need one set of
> >ACLs (plus a very simple one on your home server to allow SMTP only from
> >your mail server and LAN). This would give you the same functionality,
> >would make more sense primary/secondary-wise and would allow you to
> >tighten your firewall.
> 
> I buy my backup MX as a service and have no control over it (it
> doesn't have any spam/AV controls on it) so I have to implement those
> anyway on my primary and I might as well allow connections from any
> sender as I have to deal with all the email on that machine anyway.
> To be honest I am thinking in the future of having a primary sitting
> in a permanently connected VM just so I can read new email without
> having the machine turned on at home, but conversely I would keep the
> backup in case of outages (the backup MX service costs peanuts).

It would make sense as you are relying on your secondary most of the
time - it's not really a backup if it handles most of your mail. I hope
you are considering Bytemark :)

Cheers

John
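
The point above about keeping usernames in sync between the two MX hosts, as an added example that is not part of the original post: a small Python check that compares the recipient lists of a primary and a backup MX and splits the backup's queue into mail the primary will accept and mail that will turn into bounces to possibly forged senders. All addresses, the queue layout and the function names are constructed for illustration.

```python
def normalise(addresses):
    """Lower-case and strip addresses so the two lists compare cleanly."""
    return {a.strip().lower() for a in addresses if a.strip()}


def recipient_drift(primary_users, backup_users):
    """Report recipients that only one of the two MX hosts would accept."""
    primary, backup = normalise(primary_users), normalise(backup_users)
    return {
        # Backup queues these, primary rejects later: a bounce has to be sent.
        "backscatter_risk": sorted(backup - primary),
        # Backup refuses these while the primary is down: real mail is turned away.
        "rejected_in_outage": sorted(primary - backup),
    }


def classify_queue(queue, primary_users):
    """Split messages queued on the backup by whether the primary accepts them."""
    primary = normalise(primary_users)
    deliverable, will_bounce = [], []
    for msg in queue:
        known = msg["rcpt"].strip().lower() in primary
        (deliverable if known else will_bounce).append(msg)
    return deliverable, will_bounce


# Constructed sample data (not taken from any real system).
PRIMARY_USERS = ["mark@example.org", "postmaster@example.org"]
BACKUP_USERS = ["Mark@example.org", "postmaster@example.org", "sales@example.org"]
QUEUE = [
    {"id": "q1", "sender": "friend@example.net", "rcpt": "mark@example.org"},
    {"id": "q2", "sender": "forged@example.com", "rcpt": "sales@example.org"},
    # A backup with no recipient checks at all also queues this one.
    {"id": "q3", "sender": "forged2@example.com", "rcpt": "nobody@example.org"},
]

if __name__ == "__main__":
    print(recipient_drift(PRIMARY_USERS, BACKUP_USERS))
    ok, bounce = classify_queue(QUEUE, PRIMARY_USERS)
    print("deliverable:", [m["id"] for m in ok])
    print("will bounce to sender:", [(m["id"], m["sender"]) for m in bounce])
```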



