Mathhias,
The problem is that when the mail enters the backup MX, we dont know if
that mail is blacklisted at for instance spamcop.
So if the backup mx accepts the mail (because it's dumb and it will
accept it), and my primary mx (SA) has set the backup mx as trusted
network/source, the mail will be delivered while it should not have
been. You see the problem? SA cannot see if the mail that has been
forwarded by my backup MX is valid (black/whitelisted) or not because it
cannot check the IP against the RBL, it will lookup the wrong IP. And it
should do this because there is NO rbl checking on the backup MX itself...
Matthias Leisi wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rense Buijen schrieb:
Thank you for your (quick) reply.
I cannot utilize the trusted_networks settings because I cannot trust
the mail that my backup MX sends to me.
But your backup MX is "trusted" in the sense that it will not forge
sender addresses, Received: lines etc. -- that's what trusted_networks
basically implies.
If trusted_networks etc are set correctly, SA will recognize your backup
MX, and will not apply any RBL checks to it's IP address. The
Mail::SpamAssassin::Conf man-page has all the dirty details, including
those of internal_networks
The backup MX does NO filtering at all, it just accepts ALL mail that
has a certain destination domain and then forwards it to the Primary MX
where SA is running, SA is doing all the filtering and
white/black/grey-listing.
You should ensure that connections from your backup MX are not
grey/blacklisted at the MTA level (don't know whether you're already
doing it, but just to mention it...).
- -- Matthias
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFGzDfTxbHw2nyi/okRAq7jAKCbKv8IknFw2Nmse3l3LTszN7OyYgCfY28l
XAA+s+kES1B4mbmcvK2VE24=
=95OW
-----END PGP SIGNATURE-----
--
Met vriendelijke groeten,
Rense Buijen
Chess Service Management
Tel.: 023-5149250
Email: [EMAIL PROTECTED]
