On Tue, Nov 09, 2004 at 03:30:03PM +0000, John Goerzen wrote: > On 2004-11-09, Steve Drees <[EMAIL PROTECTED]> wrote: > > John Goerzen <> wrote: > >> I'm looking at redoing my mail setup due primarily to spam filtering. > >> Over at http://www.tldp.org/HOWTO/Spam-Filtering-for-MX/multimx.html, > >> they are suggesting not to use redundant mail servers unless needed > >> for load balancing. > > > > This is poor advice. > > Could you elaborate a bit on why that is? The author is saying that > well-behaved (ie, non-spamming) MTAs would keep retrying for several > days anyway, so the only time a backup MX would really prevent mail loss > is due to an outage extending more than that time. What do you think?
it isn't likely to help even then because the backup MX is unlikely to have a longer queue lifetime than the original sending server (5 days is the typical default). to illustrate, there are two basic possibilities here: 1. you control the server. you could set the queue lifetime to more than the standard 5 days, but you're not likely to because it causes more problems than it solves. your queue will get even more clogged with undeliverable spam bounces (held for 10, 15, 20 or whatever days rather than the standard 5). spammers tend to focus on backup MX records rather than primary MXs (hoping to bypass anti-spam rules), so it's pretty much guaranteed that the box WILL be flooded with undeliverable spam bounces. also your users will wonder why they are getting bounces for undeliverable mail that they sent over a week ago. 2. you don't control the server. you will have no chance of getting the operators to set a longer than standard for pretty much the same reasons as in case 1. above, plus the additional reason that there's not even an illusory benefit to them in doing it. > [...] > Now think what happens when viruses/spammers do this. My backup MX is > sending out a lot of bounce messages to potentially innocent victims for > this reason. yes. you're definitely on the right track with this thought. craig -- craig sanders <[EMAIL PROTECTED]> (part time cyborg) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
