On 10/2/2017 10:03 AM, Davide Marchi wrote: > Il 2017-09-28 18:41 Noel ha scritto: > [..] > >> >> If you feel you must have a backup MX, then the backup must have >> spam controls equal to or more strict than the primary, and backup >> must have a current recipient list so it can reject unknown >> recipients. The primary must never reject mail forwarded from the >> backup. >> > > Well, this is clear! > And and at this point, excluding for the reasons above, Postcreen, > if I enabled DKIM keys on both servers? This solution could be > stop spam email from non-existent aliases that come from my domains? > For example a my domain could be foo.com and I have postfix > virtual user: o...@foo.com and t...@foo.com and receive email spam > from nonexistent th...@foo.com. > The DKIM solution on both servers could stop spam from > th...@foo.com? Or maybe should I configure better > local_recipient_maps? > > > many thanks again and thanks for your patience!! :-) > > David
DKIM will stop forged senders in your domain, but it won't stop mail to a random recipient in your domain. Each server *must* have a list of valid recipients. The secondary MX will use relay_recipients_maps for this. You can still use postscreen independently on both servers, but the two postscreen instances can't share information. For further info on postfix config, please see the postfix docs or ask on the postfix-users list since this is off-topic for spamassassin. -- Noel Jones
