Michael Tokarev:
> It started as an operator error, albeit an unexpected one.
>
> I had 3 IP addresses for our mailserver, one "primary"
> which receives mail "from outside", one "internal", and
> I added another, to which I pointed secondary MX to, in
> order to test postscreen.
>
> So it worked quite well for some time, and I decided to
> switch primary MX (the same host!) to use postscreen
> too.
>
> So I added second postscreen line into main.cf, with the
> primary MX IP, and the rest of the line being the same
> as for the other postscreen entry.
>
> I watched it for a while, it all worked well.

Are you using a shared whitelist database? That is not possible.

On the other hand you can configure 2.9 postscreen to listen on primary and secondary MX, and to refuse whitelisting clients that connect to the backup MX only (kills 10% of zombies here).

I have an explicit check that requires a postscreen process count of 1, but I had not thought of people sharing the database via other tricks. I'll have to add a hard "get exclusive lock or die" check to postscreen.

Database sharing will never be supported with "file" based tables. Sharing may "work" with *SQL once "update" and "sequence" support is added, but I expect that the performance will be unacceptable.

Wietse
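
The setup suggested in the reply, as an added configuration sketch that is not part of the original thread: one postscreen process serving both MX addresses, with whitelisting refused on the backup address. The addresses are constructed documentation IPs, and the parameter name `postscreen_whitelist_interfaces` comes from the Postfix 2.9 documentation rather than from this thread; the sketch assumes every local address is meant to go through postscreen.

```conf
# --- Per-address services like those described in the quoted message ---
# /etc/postfix/master.cf (shown commented out; addresses are constructed)
# Each line starts its own postscreen process. If both use the same
# postscreen_cache_map file, two writers share one "file" based table,
# which the reply says is not supported.
#192.0.2.1:smtp  inet  n  -  n  -  1  postscreen
#192.0.2.2:smtp  inet  n  -  n  -  1  postscreen

# --- One postscreen process for both MX addresses ---
# /etc/postfix/master.cf
# The process limit of 1 matches the "process count of 1" check
# mentioned in the reply.
smtp      inet  n       -       n       -       1       postscreen
smtpd     pass  -       -       n       -       -       smtpd
dnsblog   unix  -       -       n       -       0       dnsblog
tlsproxy  unix  -       -       n       -       0       tlsproxy

# /etc/postfix/main.cf
# Single cache file, written only by the one postscreen process above.
postscreen_cache_map = btree:$data_directory/postscreen_cache

# Assumption: 192.0.2.2 is the backup MX address. Clients that connect
# only to it are never whitelisted; connections to any other local
# address remain eligible for whitelisting.
postscreen_whitelist_interfaces = !192.0.2.2 static:all
```

If separate per-address postscreen services are kept instead, each one needs its own cache file, for example through a per-service `-o postscreen_cache_map=...` override in master.cf.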