Hi Kai,
I didn't know that a backup MX can lead to more trouble then having just
one, gee, I thought it was a good thing but it turned out to be a quite
bad one :)
I'll go and use LDAP on the second MX to make sure the remote user
exists, otherwise drop it silently.
It's indeed getting a bit off-topic so I'll thank everyone for their
input, it made me a lot wiser on this issue.
And as for spamassassin... keep up the good work, I love it!
Rense
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:01:09 +0200:
I think Exchange is configured the right way
in such a way that it knows what users it has on the system..
But your backup MX doesn't. As you say you are taking in all mail, forward
it to primary and then bounce it back to the sender. But your primary MX
doesn't know the sender! Basically *all* viruses and spam come with forged
senders. So, what you do is bounce back spam and viruses to innocent
bystanders. This is bad, really bad!
What you should do is check on the secondary MX if a user exists and don't
accept it if a user doesn't exist. This depends on the mail server you
use, there are several solutions for this and it's off-topic on this list.
And until you don't have such a solution in place do *not* send out *any*
DSNs from your primary MX if they are for messages you got in from your
secondary!
Kai
--
Met vriendelijke groeten,
Rense Buijen
Chess Service Management
Tel.: 023-5149250
Email: [EMAIL PROTECTED]
