From: René Nussbaumer (postfix protection-fault.ch)
Date: Sat Apr 26 2008 - 07:01:25 CDT
On Sat, Apr 26, 2008 at 01:32:26PM +0200, mouss wrote:
> René Nussbaumer wrote:
>> This is a known fact, yes. But think of a framework where you put
>> front-end mailservers so the backend server can take care of distributing
>> the mails to the mailboxes without the need of implementing the spam
>> filtering again and again. In such an environment the backend mail
>> servers are not even seen by the public.
>
> In this case, this MX does not need to queue mail. It can tempfail if it
> cannot validate the recipient.
It does not need to, but you don't know the queue settings for the sending
host either. Depending on the sender's settings this might cause problems in
your case.
>> [snip]
>> You have to do spam filtering anyway on these systems the same way or else
>> you will again end up with backscatter and in this case worse than with
>> my patch.
> No, there will be no backscatter except if you bounce spam and viruses,
> which is a bad thing anyway.
Well, if you accept the mail because the recipient is valid (i.e. due to
the cache) but do not provide spam/virus filtering on that host, and then
send it to the primary MX after it becomes available again, and it
rejects the mail because it found a virus/spam inside the mail, you are
producing backscatter as well. But this is not the point of the
discussion here.
>>> Being a backup MX is no excuse to not have recipient validation. If you
>> Yes, my patch provides a middle way between stupidly accepting all
>> incoming emails and temporarily rejecting the email because the recipient
>> validation at that point can't work because of an unreachable
>> backend/primary MX.
> According to your description, your patch causes postfix to accept mail if
> it cannot validate the recipient. Such mail will then bounce later.
I did not deny that, and I already agreed that this might
produce backscatter. However, under normal circumstances this argument
is not true and my patch is not even triggered.
And because my patch is not changing the default behaviour you don't
even have to bother with it. But if you think you need it for your
use case you can activate it.
I don't argue with the fact that this might not scale for big systems
with thousands of users; there you don't even really care about
failing backends because you've enough other machines, but for a small
infrastructure this argument does not necessarily match.
René
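
Added example, not part of the original message and not the patch under discussion: a small Python model of the two backup-MX policies argued over in this thread (tempfail versus accept when the recipient cannot be validated), replayed over one primary-MX outage to show where bounces to envelope senders come from. The `BackupMX` class, the `accept_when_unverifiable` switch, the cache TTL, the negative cache entries and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

ACCEPT, TEMPFAIL, REJECT = 250, 450, 550

@dataclass
class BackupMX:
    # Hypothetical switch modelling the opt-in behaviour described in the thread.
    accept_when_unverifiable: bool = False
    cache_ttl: int = 3600  # seconds a probe result is trusted (constructed value)
    cache: dict = field(default_factory=dict)  # recipient -> (is_valid, expires_at)
    queue: list = field(default_factory=list)  # accepted (sender, recipient) pairs

    def rcpt(self, sender, recipient, now, primary):
        """primary: set of valid mailboxes, or None while the primary MX is down."""
        hit = self.cache.get(recipient)
        if hit and hit[1] > now:
            valid = hit[0]                    # cached probe result, good or bad
        elif primary is not None:
            valid = recipient in primary      # live probe, then remember it
            self.cache[recipient] = (valid, now + self.cache_ttl)
        elif self.accept_when_unverifiable:
            valid = True                      # cannot check: accept blindly
        else:
            return TEMPFAIL                   # cannot check: sender retries later
        if not valid:
            return REJECT
        self.queue.append((sender, recipient))
        return ACCEPT

    def flush(self, primary):
        """Primary is back: each recipient it refuses becomes a bounce to the sender."""
        bounces = [s for s, r in self.queue if r not in primary]
        self.queue.clear()
        return bounces

def outage_run(accept_when_unverifiable):
    """Replay constructed traffic through one outage; return (codes, bounces)."""
    primary = {"alice@example.org"}
    mx = BackupMX(accept_when_unverifiable)
    # Primary up: one good and one bad recipient are probed and cached.
    mx.rcpt("friend@example.net", "alice@example.org", 0, primary)
    mx.rcpt("forged0@example.com", "old@example.org", 0, primary)
    mx.flush(primary)
    # Primary down: cached-good, cached-bad, then a never-seen recipient.
    traffic = [("friend@example.net", "alice@example.org"),
               ("forged1@example.com", "old@example.org"),
               ("forged2@example.com", "nosuchuser@example.org")]
    codes = [mx.rcpt(s, r, 60, None) for s, r in traffic]
    return codes, mx.flush(primary)
```

In this model the only difference between the two policies is the never-seen recipient: with tempfail the sending host keeps the message, with accept the backup MX owns it and the later refusal turns into a bounce to whatever envelope sender was given.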