On Fri, May 22, 2009 at 3:19 PM, Rick <[email protected]> wrote: > > > On Tue, May 19, 2009 at 1:58 PM, Noel Jones <[email protected]> wrote: >> >>> Won't the mail just be forwarded to the primary mail server, who can >>> reject it there? >> >> ... which then causes your server to generate a bounce to the (often >> forged) envelope sender. Your queue will be clogged with undeliverable >> bounces, choking performance for legit mail. >> Eventually you will deliver enough mail to f >> >> orged senders that your server will be blacklisted as an >> outscatter/backscatter source. > > I'm still not clear on how this is different than "normal". > > Let's say I use a gmail account, and send it directly to my domain/main mail > server (Microsoft Exchange) to an invalid address. I get the following > bounce-back: > Delivered-To: [email protected] > Received: by 10.220.74.197 with SMTP id v5cs94260vcj; > Fri, 22 May 2009 12:05:35 -0700 (PDT) > Received: by 10.224.2.212 with SMTP id 20mr4273331qak.343.1243019135083; > Fri, 22 May 2009 12:05:35 -0700 (PDT) > Return-Path: <> > Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x]) > by mx.google.com with ESMTP id 5si4116455qwg.29.2009.05.22.12.05.28; > Fri, 22 May 2009 12:05:34 -0700 (PDT) > Received-SPF: pass (google.com: domain of webmail.int.example.com designates > x.x.x.x as permitted sender) client-ip=x.x.x.x; > Authentication-Results: mx.google.com; spf=pass (google.com: domain of > webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail= > Received: from (unknown [10.10.20.150]) by webshield3200.int.example.com > with smtp > id 2198_176c0290_46ff_11de_b524_001422234860; > Fri, 22 May 2009 14:33:50 -0400 > From: [email protected] > To: [email protected] > Date: Fri, 22 May 2009 15:05:26 -0400 > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=delivery-status; > boundary="9B095B5ADSN=_01C9A571EDB220B2000062B8webmail.int.i" > X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546 > Message-ID: <[email protected]> > Subject: Delivery Status Notification (Failure) > > > Pretty much what I expect. > > But let's say I set up my postfix mail server with the changes discussed > above and telnet into it (don't feel like updating DNS for a secondary MX). > > Mail sent to a valid address works just fine (yay!). > > When I send mail to my domain with an invalid address, again, I get a > bounceback, but it looks pretty much like the original bounceback when sent > directly: > Delivered-To: [email protected] > Received: by 10.220.74.197 with SMTP id v5cs93288vcj; > Fri, 22 May 2009 11:56:18 -0700 (PDT) > Received: by 10.151.72.1 with SMTP id z1mr8254952ybk.170.1243018577774; > Fri, 22 May 2009 11:56:17 -0700 (PDT) > Return-Path: <> > Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x]) > by mx.google.com with ESMTP id > 23si7742750gxk.58.2009.05.22.11.56.17; > Fri, 22 May 2009 11:56:17 -0700 (PDT) > Received-SPF: pass (google.com: domain of webmail.int.example.com designates > x.x.x.x as permitted sender) client-ip=x.x.x.x; > Authentication-Results: mx.google.com; spf=pass (google.com: domain of > webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail= > Received: from (unknown [10.10.20.150]) by webshield3200.int.example.com > with smtp > id 21e4_cf39f690_46fd_11de_88a2_001422234860; > Fri, 22 May 2009 14:24:39 -0400 > From: [email protected] > To: [email protected] > Date: Fri, 22 May 2009 14:56:15 -0400 > MIME-Version: 1.0 > Content-Type: multipart/report; report-type=delivery-status; > boundary="9B095B5ADSN=_01C9A571EDB220B2000062B1webmail.int.i" > X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546 > Message-ID: <[email protected]> > Subject: Delivery Status Notification (Failure) > > > So the behavior is the same when I use the primary with an invalid address, > or if I use the secondary with an invalid address. How am I becoming an > increased source of backscatter? > > If the answer is, "your exchange server config is broken" well, perhaps, but > I didnt' set up (or own) that box. Setting up postfix as a secondary won't > break anything any worse than it already is, right? >
Yes, the exchange configuration is broken. They will have to fix it eventually, because such a configuration is unusable in the real world. When they do, your broken postfix configuration will become evident.
