Re: Email forwarding and RBL trouble

Wed, 22 Aug 2007 06:22:18 -0700 

Hi Pawel,
I dont think I can check the recipient, if it doesnt exist the mailserver should send a normal bounce like every mailserver does, right? So does the primary machine (Exchange) I dont see a problem with that. 


Do you know if there is another good setup without having to sync all my 
antispam stuff to my second MX? I would really just use forwarding if 
that is possible. Can I not rewrite the last "Received" header? That 
should work maybe?


Kind regards,

Rense

Pawel Sasin wrote:

Hi

I cannot utilize the trusted_networks settings because I cannot trust 
the mail that my backup MX sends to me.



The backup MX does NO filtering at all, it just accepts ALL mail that 
has a certain destination domain and then forwards it to the Primary 
MX where SA is running, SA is doing all the filtering and 
white/black/grey-listing.



When SA is down (the Pri MX), it will just hold it until it gets back 
up. So basically all mail that comes from my second MX should be 
checked for spam and virus, it has not capabilities of it's own. It's 
working like a charm were it not for my black/white/grey-lists and 
the RBL's now all do lookups on the last known IP which is my 
secondary MX.



I don't think I am the first to utilize this method of redundancy so 
I figured there must be a way, I just dont know how :)
So please advice further, your (and everyones) help is greatly 
appreciated.


SA checks all 'Received' headers against RBLs.


If you add secondary MX to trusted_networks, SA will just skip the 
header from your exim and continue with the rest.


But there is another problem with such config:
1. see the numbers here http://nolisting.org/

2. does your dumb exim (secondary mx) check if the recipent address 
exists?



If not you will end up sending tons of bounce messages to innocent 
people from your secondary MX. Even if it does, your primary MX can 
refuse a spammy message and then you will be generating even more 
bounce messages. This is not acceptable and you will end up in some 
RBLs yourself.





--
Met vriendelijke groeten,

Rense Buijen
Chess Service Management
Tel.: 023-5149250
Email: [EMAIL PROTECTED]























					Reply via email to