Le 15/05/2013 16:40, Vincent Lefevre a écrit : > Here this is more than a mail server being down. It is a domain > without a MX; doesn't this mean a direct reject? Actually removing > the MX pointer wouldn't be OK, as the client may look at the A record > instead, which can't be removed without temporarily affecting other > services. So, I'm not sure what should be done (except iptables...). > start anything that does not speak SMTP on port 25. while true; do nc -l 25; done should be enough for all your needs. This does not require knowing any iptables stuff. But someone managing a SMTP server at this level of care should know something about networking. > Hmm, OK, it seems that postfix works differently from exim (with > exim, the daemon is not needed to send a local mail: the sendmail > interface does all the job). > > Then, I think that it would be better to have another debconf question > for the Internet Site case (and Internet with smarthost?) in order to > let the admin decide whether he wants to listen to all interfaces now > or later. The goal would be to benefit from the automatic config from > the first debconf questions, but let the admin terminate advanced > configuration. No. Your server comes unconfigured, you do configure it while the other is still working, and then you stop the service on the first, finish syncing the mailboxes, switch the MX record, and then you can go to rest. This is no black magic. What you want is being over-cautious and will lead to people not understanding the basics or misanswering a debconf question to have non-functional servers and not being aware of it. I am definitely in the camp of you install a service, you get a working, minimal, safe configuration. Sincerly, -- -- Jean-Christophe Dubacq
Attachment:
signature.asc
Description: OpenPGP digital signature