Thats the one Ben
On 8/22/07, Rense Buijen <[EMAIL PROTECTED]> wrote: > > ...thats it? So it will skip the IP of the second MX and do an RBL check > against the IP who'm delivered it to the second MX? COOL! I thought it > would just ignore everything and pass on the mail.... Thanks! > > Ben O'Hara wrote: > > On 8/22/07, *Rense Buijen* <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > Hi Pawel, > > > > I dont think I can check the recipient, if it doesnt exist the > > mailserver should send a normal bounce like every mailserver does, > > right? So does the primary machine (Exchange) I dont see a > > problem with > > that. > > > > Do you know if there is another good setup without having to sync > > all my > > antispam stuff to my second MX? I would really just use forwarding > if > > that is possible. Can I not rewrite the last "Received" header? That > > should work maybe? > > > > > > > > You dont have to, add your secondary mx to trusted_networks on the > > primary and it will know the fact to do the RBL lookups on the host > > that sent the mail to the secondary MX rather than the secondary mx > > itself. > > > > Ben > > > > Kind regards, > > > > Rense > > > > Pawel Sasin wrote: > > > Hi > > >> I cannot utilize the trusted_networks settings because I cannot > > trust > > >> the mail that my backup MX sends to me. > > >> > > >> The backup MX does NO filtering at all, it just accepts ALL > > mail that > > >> has a certain destination domain and then forwards it to the > > Primary > > >> MX where SA is running, SA is doing all the filtering and > > >> white/black/grey-listing. > > >> > > >> When SA is down (the Pri MX), it will just hold it until it > > gets back > > >> up. So basically all mail that comes from my second MX should be > > >> checked for spam and virus, it has not capabilities of it's > > own. It's > > >> working like a charm were it not for my black/white/grey-lists > and > > >> the RBL's now all do lookups on the last known IP which is my > > >> secondary MX. > > >> > > >> I don't think I am the first to utilize this method of > > redundancy so > > >> I figured there must be a way, I just dont know how :) > > >> So please advice further, your (and everyones) help is greatly > > >> appreciated. > > > > > > SA checks all 'Received' headers against RBLs. > > > > > > If you add secondary MX to trusted_networks, SA will just skip the > > > header from your exim and continue with the rest. > > > > > > But there is another problem with such config: > > > 1. see the numbers here http://nolisting.org/ > > > 2. does your dumb exim (secondary mx) check if the recipent > address > > > exists? > > > > > > If not you will end up sending tons of bounce messages to innocent > > > people from your secondary MX. Even if it does, your primary MX > can > > > refuse a spammy message and then you will be generating even more > > > bounce messages. This is not acceptable and you will end up in > some > > > RBLs yourself. > > > > > > > > > -- > > Met vriendelijke groeten, > > > > Rense Buijen > > Chess Service Management > > Tel.: 023-5149250 > > Email: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > > > > > > > -- > > "A Scientist will earn a living by taking a really difficult problem > > and spends many years solving it, an engineer earns a living by > > finding really difficult problems and side stepping them" > > > -- > Met vriendelijke groeten, > > Rense Buijen > Chess Service Management > Tel.: 023-5149250 > Email: [EMAIL PROTECTED] > > -- "A Scientist will earn a living by taking a really difficult problem and spends many years solving it, an engineer earns a living by finding really difficult problems and side stepping them"
