On 9/28/2017 9:40 AM, Davide Marchi wrote:
> On 2017-09-27 18:40 Reindl Harald wrote:
>> it's trivial, just give the primary MX the IP of the backup-MX as
>> alias and if you are at it enable "postscreen_dnsbl_sites" and
>> "postscreen_greet_action" - after that your smtpd process only
>> faces a few percent of all spam at all
>>
>
> I've read from
> http://www.postfix.org/POSTSCREEN_README.html#white_veto
> and if I've understood it correctly, this is what happens:
>
> 1) Postscreen should only be activated on the primary
> 2) When the primary MX is up it refuses to whitelist clients that
> connect to a backup MX address only (so no more email comes from the
> secondary MX)
> 3) When the primary is down the secondary becomes whitelisted and
> receives email
> 4) When the primary MX comes back, the secondary sends queued email
> from secondary to primary MX
>

First, the postscreen mx test whitelist veto function is primarily
intended to run on a single host that provides both primary and
backup MX connections.  If you run it on multiple hosts, they must
both run postscreen and must share the postscreen cache, which
likely introduces connection latency (very bad for postscreen), and
definitely introduces a single point of failure.  If the two hosts
aren't physically close -- on the same switch -- this just isn't
practical.

Secondly, the postscreen mx test DOES NOT check the status of the
primary MX, it only checks to see if the "first connection" is to
the secondary.  If the primary is down or unreachable by the
connecting client, new connections will be deferred.  And if the
postscreen cache is on the primary and unreachable, then you won't
be getting any mail.

The best way to reduce spam on the backup MX server is to not use a
backup MX server. 

If you feel you must have a backup MX, then the backup must have
spam controls equal to or more strict than the primary, and backup
must have a current recipient list so it can reject unknown
recipients.  The primary must never reject mail forwarded from the
backup. 



  -- Noel Jones
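The two layouts discussed above, written out as Postfix main.cf fragments. This is an added example, not configuration posted by anyone on this thread: option A is the single-host layout Reindl Harald suggests (primary MX carries the backup MX address as an alias, with the postscreen MX policy veto), option B is a separate backup MX hardened along the lines of the reply above. The addresses (192.0.2.10, 192.0.2.20, 198.51.100.20), the domain example.com, the DNSBL choices, and the map file paths are all assumptions; the parameter names are real Postfix parameters.

```ini
# ===== Option A: ONE host, both MX addresses, postscreen veto =====
# Added example. Assumed: 192.0.2.10 is the primary MX address and
# 192.0.2.20 (the address DNS publishes for the backup MX) is aliased
# onto this same host. master.cf must run postscreen in front of smtpd
# ("smtp inet ... postscreen" / "smtpd pass ... smtpd" as in POSTSCREEN_README).
postscreen_greet_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.spamcop.net*1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
# MX policy test: a client whose first contact is the backup address never
# earns a temporary whitelist entry. Valid only because both addresses are
# local interfaces of this one postscreen instance (Postfix >= 2.11; the
# parameter is spelled postscreen_allowlist_interfaces from Postfix 3.6).
postscreen_whitelist_interfaces = !192.0.2.20 static:all

# ===== Option B: separate backup MX host at 198.51.100.20 =====
# --- primary MX main.cf additions (do NOT set the veto parameter here;
#     the backup address is not a local interface) ---
# Let the backup through postscreen untested; permit_mynetworks is the default.
postscreen_access_list = permit_mynetworks, cidr:/etc/postfix/postscreen_access.cidr
#   /etc/postfix/postscreen_access.cidr:   198.51.100.20   permit
# "The primary must never reject mail forwarded from the backup": whitelist
# the backup's client address AFTER relay control but BEFORE the DNSBL and
# reverse-DNS checks, so it is never refused yet still cannot open-relay.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/backup_mx.cidr,
    reject_unknown_reverse_client_hostname,
    reject_rbl_client zen.spamhaus.org
#   /etc/postfix/backup_mx.cidr:   198.51.100.20   OK

# --- backup MX main.cf (198.51.100.20) ---
# Same postscreen controls as the primary: a laxer backup is the spam back
# door the reply warns about.
postscreen_greet_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3, bl.spamcop.net*1
postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = enforce
# Current recipient list, so unknown users are rejected at RCPT TO instead
# of being queued and bounced later (backscatter).
relay_domains = example.com
relay_recipient_maps = hash:/etc/postfix/relay_recipients
#   /etc/postfix/relay_recipients:   alice@example.com   OK   (one line per user)
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_reverse_client_hostname,
    reject_rbl_client zen.spamhaus.org
# Queued mail is delivered to the primary's own address when it returns.
transport_maps = hash:/etc/postfix/transport
#   /etc/postfix/transport:   example.com   smtp:[192.0.2.10]
```

In option B the relay_recipients map has to be regenerated from the primary's user list whenever an account is added or removed (and rebuilt with postmap); a stale list reintroduces exactly the unknown-recipient backscatter the reply is trying to avoid. The ordering inside smtpd_recipient_restrictions is the point of the primary-side fragment: check_client_access sits below reject_unauth_destination so the backup cannot relay to third parties, but above every check that could reject a legitimate forwarded message.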
