On Thu, Jan 06, 2011 at 04:52:29PM -0800, Steve Jenkins wrote:
> We're exploring the possibility of using smtp_fallback_relay as a way to
> offload re-delivery attempts of deferred mails when we send our weekly
> newsletter to 700K+ recipients.
A good idea for mailings of this scale.
> 3) fallbackmailer.sendingdomain.com is set up as the smtp_fallback_relay, so
> it handles subsequent re-delivery attempts, freeing up more resources on
> mailer.sendingdomain.com to handle first attempts at deliveries and incoming
> mail.
Correct, and you may need to tune the fallback a bit differently, larger
active queue size, longer maximal backoff time (but not substantially
longer initial backoff), more total smtp client processes, but not
more per-destination concurrency, ...
> 4) Successful re-deliveries get logged in fallback's /var/log/maillog
Of course.
> 5) Hard bounces (whether 5xx messages from smtp.receivingdomain.com or
> timeouts where fallbackmailer.sendingdomain.com gives up) get delivered to
> the catchall on bounce.sendingdomain.com (where we can process them later).
Naturally.
> Two questions:
>
> 1) Is that an accurate description of what would/could happen with
> smtp_fallback_relay?
Yes.
> 2) Am I accurate in assuming that smtp.receivingdomain.com will see delivery
> attempts from both IP addresses for mailer.sendingdomain.com and
> fallbackmailer.sendingdomain.com, and therefore I will need to manage the
> Sender Reputations of both IPs, make sure they are both included in FBLs,
> absent from blacklists, etc.?
Yes.
> 3) Won't this cause an issue with DKIM validation? If the original message
> was signed by mailer.sendingdomain.com, won't it fail validation on the
> receiving end since the fallback relay has a different hostname? If so, any
> possible solutions to this?
DKIM does not care about the sending host. It is an end-to-end protocol,
not a hop-by-hop protocol. Your need to take some time to understand DKIM.
DKIM authenticates the responsible (d=) domain, via a cryptographic
signature on the message whose public key is available via DNS. DKIM
messages are authentic regardless of which host sends them. The signature
authenticates the content, not the transmission channel.
--
Viktor.
