On 2021-05-04 at 20:38:55 UTC-0400 (Wed, 5 May 2021 03:38:55 +0300)
IL Ka <kazakevichi...@gmail.com>
is rumored to have said:
Hello,
It is suggested to provide list of relay_domains explicitly for the
backup
mx:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#backup
But another solution is to set "permit_mx_backup" for
"smtp_relay_restrictions".
It seems to be a flexible approach (since only DNS should be changed),
but
for some reason
this method hasn't been mentioned in the document.
Does it have drawbacks?
Yes.
It makes the security configuration of your MTA (i.e. whether you act as
a relay for a particular recipient domain) controlled by DNS which you
may not control. Anyone can make their domain point to your MTA as a
backup MX.
By the way, should I explicitly set "permit_mx_backup_networks" to my
primary MX if I use
"permit_mx_backup"?
You MUST explicitly set permit_mx_backup_networks if you want
permit_mx_backup to work at all, according to the documentation in the
postconf(5) man page.
I can't imagine any case when this feature could be misused (except
DNS
spoofing probably)
If you do not define permit_mx_backup_networks to only include the
addresses of known MXs for which you knowingly provide secondary MX
service, permit_mx_backup can be misused to route mail through your
system which you properly should never be handling. The most obvious
usefulness of that abuse would be to misdirect response to other sorts
of bad behavior which use a domain name that in fact is not mailable.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
