|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: René Nussbaumer (postfix
protection-fault.ch)
Date: Sat Apr 26 2008 - 02:51:11 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello
On Fri, Apr 25, 2008 at 09:20:04PM -0400, Jimbo wrote:
> René Nussbaumer wrote:
>> Yes, I'm aware of this fact. However, a backup MX should take care of
>> the mail if the primary is currently not reachable. At least from my
>> point of view. Yes, their is the danger of producing backscatter but
>> under normal circumstances the primary MX would not be that long
>> unreachable
> If you live in some perfect world where spammers don't exist, sure.
> Spammers frequently target higher weight, lower priorty MX records hoping
> to bypass spam filtering. The first time a spammer hits your backup MX
This is a know fact yes. But think of a framework where you put
front-end mailservers so the backend server can take care of distribute
the mails to the mailboxes without the need of implementing the spam
filtering again and again. In such an environment the backend mail
servers are not even seen by the public.
I agree, that if the cache is good populated you don't need this patch.
However in this case my patch would not even be triggered, as it only
gets triggered on unpopulated cache entries.
> server and sends a few (hundred) thousand pieces of junk email to your
> domains and they all generate a bounce message, what will you do then?
You've to do spam filtering anyway on these system the same way or else
you will again end up with backscatter and in this case worse than with
my patch.
> Being a backup MX is no excuse to not have recipient validation. If you
Yes, my patch is providing a way in the middle of stupid accept all
incoming emails and temporary reject the email because the recipient
validation at that point can't work because of unreachable
backend/primary MX.
> are using reject_unverified_recipient and have caching turned on, you can
> probably weather those few hours that the primary server is offline without
> so much as a hiccup.
Depends on how good your cache is populated, I agree, but like I said in
such circumstances my patch is not triggered.
René
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]