On 9/14/2009 12:18 PM, bsd wrote:
> Hello,
> I am using two Postfix servers and quite often some misconfigured mail
> servers are sending mail to the backup MX instead of the primary.
> Both servers have Postfix implemented using the 'classic' conf:
>
> in main.cf:
>
> smtpd_recipient_restrictions =
>     permit_mynetworks,
>     permit_sasl_authenticated,
>     check_recipient_access hash:/usr/local/etc/postfix/access,
>     reject_unauth_destination,
>     reject_invalid_hostname,
>     reject_unknown_sender_domain,
>     # SPF implementation
>     check_policy_service unix:private/policy
>     # Greylisting implementation
>     check_policy_service inet:127.0.0.1:10023
>
> and in master.cf:
>
> # SPF policy implementation /usr/ports/mail/postfix-policyd-spf
> policy unix - n n - - spawn
>     user=nobody argv=/usr/local/sbin/postfix-policyd-spf
>
> The problem is that I sometimes have (quite often in fact) rejected mail
> because they are using SPF and the mail is transferred from my backup MX
> to my master server and my server is considering that second server as
> the issuer.

Add your secondary MX to mynetworks.
You shouldn't ever reject mail already accepted by your
secondary. To facilitate that, your secondary must have as
strict or stricter UCE controls, and must have a current valid
recipients list.
If you can't do those things, you probably shouldn't have a
secondary.
-- Noel Jones
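
The three points in the reply above, sketched as Postfix configuration. This is an added example, not configuration from either poster: the address 192.0.2.25, the domain example.com and the relay_recipients map path are placeholders, and the backup MX is assumed to run the same SPF and greylisting policy services as the primary.

```ini
# --- Primary MX: main.cf ---
# 192.0.2.25 is a placeholder for the backup MX's address (assumption).
# Listed as a single host (/32), it matches permit_mynetworks, so mail it
# forwards is accepted before the SPF and greylisting policy services run.
# Anything in mynetworks may also relay through this server, so list only
# the backup MX itself, not its whole subnet.
mynetworks = 127.0.0.0/8, 192.0.2.25/32

# smtpd_recipient_restrictions on the primary stays as posted;
# permit_mynetworks is already its first entry.

# --- Backup MX: main.cf ---
# example.com and the map path below are placeholders (assumptions).
relay_domains = example.com

# Current list of valid recipients, kept in sync with the primary.
# One line per address, e.g. "user@example.com OK". With this set, the
# backup rejects unknown recipients itself instead of accepting mail
# that the primary would later refuse.
relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients

# Controls at least as strict as the primary's. The backup sees the real
# sending client, so SPF and greylisting are evaluated here against the
# true source address. master.cf on the backup needs the same "policy"
# spawn entry as on the primary.
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_unknown_sender_domain,
    check_policy_service unix:private/policy,
    check_policy_service inet:127.0.0.1:10023
```

After editing, rebuild the recipient map with `postmap` and run `postfix reload` on each host.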