Re: [Hampshire] Mail routing with secondary MX

Author: Paul Tansom
Date:  
To: hampshire
Subject: Re: [Hampshire] Mail routing with secondary MX
** Vic <lug@???> [2006-12-12 16:47]:
> > The only problem is that the primary server doesn't have any idea what
> > mail accounts are valid
>
> This is why backup MXes are a bad idea in the current sewer^Hclimate.
>
> Unless your MX has a list of valid client addresses, it will accept mail
> for dictionary-attack targets. This is a Bad Thing(tm).


Don't I know it. I've picked up a few customer setups that have a
catchall mail address and that is nasty - I think I only have one left
that needs to be 'persuaded' into not having the * entry in the config.

> > so any mail for an account that doesn't exist
> > gets rejected by the primary and ends up frozen in the mail queue on the
> > secondary - which I have to clear out every now and then.
>
> Well, at least you're not trying to bounce it. That would turn you into a
> spam reflector - which is a Very Bad Thing(tm).


Quite agreed, I get a decent amount of 'returned' mail myself from such
configurations :(

> > Does anyone have a better suggestion as to a solution?
>
> Yes - ditch your config. Have a single MX that has your valid addresses on
> it. This will probably end up being your side of the ADSL link.


I may well do. As I said this is experimental at the moment as I'm
working towards replacing my use of fetchmail with a proper mail setup
on my fixed IP ADSL (a long term project that keeps getting put on the
back burner while I rejig my network amongst other things). The
motivation behind the setup was increased security (i.e. the fewer
machines that are allowed to talk inwards onto my internal network the
better), but it would reduce traffic on the external server if I just
directed in. The ideal goal is to have a relay server in my DMZ, but my
network topology has temporarily changed unfortunately (due to hardware
failure).
** end quote [Vic]

--
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/