[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: virus scanning

On Mon, 16 Feb 2004 14:18, Josip Rodin <joy@srce.hr> wrote:
> On Mon, Feb 16, 2004 at 01:57:12PM +1100, Russell Coker wrote:
> > > Hey, I know all about it. Even when people don't do it entirely
> > > wrongly, they can still screw up. Various yahoo.tld mail servers don't
> > > reject invalid recipients at RCPT stage but at DATA. (I highly doubt
> >
> > Unless you're doing call-outs then rejecting at the DATA stage is OK.
> I am doing callouts, but they'd still be getting stuck in my queues even
> if I wasn't. They'd be getting stuck with all the other stuff that callouts
> avoid, though.

If a 550 is sent then it should not be stuck in your queues, it should be 

> > > > If so why not just have a SMTP proxy on the MX secondary which passes
> > > > all data through to the primary if it's available, and sends it
> > > > locally for queuing otherwise?
> > >
> > > Ahm. That's basically what a secondary MX usually does, you know. :)
> >
> > No.  Secondary MX's usually receive the mail, queue it, and then send it
> > on if possible.  They don't just open a TCP connection to the primary and
> > pipe the data through unchanged.
> There's not much negative difference (a small delay, a small resource
> usage), and the advantage of not bothering the primary MX is lost, so I
> don't see much reason to prefer that.

The negative difference is that it forces you to have the same configuration 
in terms of valid recipients and virus/spam filters for both the primary and 
secondary to avoid sending the unwanted bounces to innocent victims that 
started this thread!

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: