> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of mouss
> Sent: 08 October 2008 09:04
> To: postfix-users@postfix.org
> Subject: Re: My first config - unable to telnet to port 25,
> virtual.db missing
>
> Paul Cocker wrote:
> > The primary passes to an internal mail server, but performs recipient
> > validation before doing so. This is why I don't believe it's worth
> > doing on the secondary because it means genuine recipients will be
> > checked with the internal server twice (should they be received by the
> > secondary, not primary MX).
>
> Let's go the concrete example way.
>
> $ host -t mx jonview.com
> jonview.com mail is handled by 10 mx.ca.mci.com.
> jonview.com mail is handled by 5 mail.jonview.com.
>
> so the domain has a primary and a secondary (and the primary
> probably passes mail to an internal server as suggested by
> the "user unknown in RELAY recipient..." below).
>
> now here's a bounce from yesterday's junkscatter storm:
>
> This is the mail system at host mx03.ca.mci.com.
>
> ...
> <[EMAIL PROTECTED]>: host mail.jonview.com[209.47.92.183] said:
> 550 <[EMAIL PROTECTED]>: Recipient address rejected:
> User unknown in relay recipient table (in reply to RCPT TO
> command) ...
>
>
> so the primary does recipient validation and the secondary
> sent me the junk (the original subject was "5% off for
> 305.mattias1". I guess you're now familiar with such subjects).
>
> ALL servers that get connections from strangers MUST do
> recipient validation DURING THE SMTP TRANSACTION. you get
> your share of junk, I get mine, and I get enough of it, so I
> don't need to see yours.

Referring to the uppercase, I assume this is based around both machines
passing directly to the internal server. If, as we do, the secondary
forwards the mail onto the primary (which skips the secondary's headers
and examines those that came before) then such validation is not a
requirement for "good behaviour", correct? I want to get the secondary
set up for validation so that should we have a major fault it can pass
directly inside, but I haven't been able to get it to work with AD LDAP
signing yet.

>
> PS. when you post, fix the subject line by removing the silly
> "spam" tag added by your (broken?) filter.
>
> Also please do not top post. put your replies after the text
> you reply to. google if this is not clear.
>
> >
> > Apologies if my terminology is off here. I always think of MX servers
> > as gateways, though I realise in some companies the gateway server and
> > the internal mail server will be one and the same.
> >
> > From reading further into your response, perhaps I am misunderstanding MX
> > records. So far as I know, if the secondary MX server receives the
> > e-mail, it shouldn't pass it inside but rather should pass it to the
> > primary MX server, which should be the single point of contact with
> > the internal mail server. Is this incorrect?
> >
>
> That's ok. but you can easily understand that ratware doesn't
> care about the standards. Some ratware intentionally skips
> the first MX. See Jorey's nolisting page:
> http://nolisting.org/
>

TNT Post is the trading name for TNT Post UK Ltd (company number: 04417047), TNT Post (Doordrop Media) Ltd (00613278), TNT Post Scotland Ltd (05695897), TNT Post North Ltd (05701709), TNT Post South West Ltd (05983401), TNT Post Midlands Limited (6458167) and TNT Post London Limited (6493826). Emma's Diary and Lifecycle are trading names for Lifecycle Marketing (Mother and Baby) Ltd (02556692).
All companies are registered in England and Wales; registered address: 1 Globeside Business Park, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1HY.
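
The recipient validation discussed in this thread, as an added example that is not part of the original messages: a Postfix main.cf fragment for a secondary MX that forwards to the primary, showing the setting that produces backscatter beside two ways to reject unknown recipients during the SMTP transaction. The names example.com and mail.example.com and the file paths are placeholders.

```ini
# /etc/postfix/main.cf on the secondary MX (added example, placeholder names)

# Domain this host accepts as backup MX and relays onward.
relay_domains = example.com

# Route relayed mail to the primary MX (placeholder host). The file holds:
#   example.com    smtp:[mail.example.com]
transport_maps = hash:/etc/postfix/transport

# BEFORE (weak): an empty relay_recipient_maps turns the recipient check
# off. The secondary accepts any address, the primary later rejects it,
# and the secondary bounces to the (usually forged) sender: backscatter.
#relay_recipient_maps =

# Option A: a list of valid recipients, checked at RCPT TO.
# Entries look like "user@example.com OK"; build the table with postmap.
# Any lookup table type works here, an LDAP table included.
#relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Option B: no recipient list on the secondary. Postfix probes the next
# hop (the primary) for each new address and caches the answer.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Turn a failed probe into a permanent rejection (the default code is 450).
unverified_recipient_reject_code = 550

# Keep probe results across restarts, so each recipient is checked with
# the primary once per cache lifetime and not on every message.
address_verify_map = btree:$data_directory/verify_cache
```

With option B, while the primary is unreachable the secondary answers addresses that are not yet in the cache with a temporary failure and does not queue them, so only option A keeps accepting for every valid recipient during an outage.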