MailScanner/Exim - Debian


Thread: MailScanner/Exim

  1. MailScanner/Exim

    I'm trying to help a buddy set up his mail system a bit better. We
    have exim4 and MailScanner set up on his primary machine and also
    his secondary MX. His primary gladly chunks mail for non-existent
    users. However, anything that gets pushed to his secondary just
    gets forwarded to the primary, and that can be a lot of crap. The
    two systems are virtually mirrors, with just the slight config
    change for exim on the secondary.

    I can't get my mind around this, although I know there has to be a way.
    How can I have the secondary validate the recipient and not simply
    forward it to the primary for delivery?

    Tim

    --
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

    >> Tim Sailer (at home) >< Coastal Internet, Inc. <<
    >> Network and Systems Operations >< PO Box 726 <<
    >> http://www.buoy.com >< Moriches, NY 11955 <<
    >> tps@unslept.com/tps@buoy.com >< (631)399-2910 (888) 924-3728 <<
    >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<



    --
    To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
    with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

  2. Re: MailScanner/Exim

    tps wrote:
    > I'm trying to help a buddy set up his mail system a bit better. We
    > have exim4 and MailScanner set up on his primary machine and also
    > his secondary MX. His primary gladly chunks mail for non-existent
    > users. However, anything that gets pushed to his secondary just
    > gets forwarded to the primary, and that can be a lot of crap. The
    > two systems are virtually mirrors, with just the slight config
    > change for exim on the secondary.
    >
    > I can't get my mind around this, although I know there has to be a way.
    > How can I have the secondary validate the recipient and not simply
    > forward it to the primary for delivery?
    >


    Maintain a valid user table on the secondary.

    --
    sethm@rollernet.us
    Ne cede malis sed contra audentior ito



  3. Re: MailScanner/Exim

    On Sat, Jul 29, 2006 at 01:32:17AM -0400, tps wrote:
    > I'm trying to help a buddy set up his mail system a bit better. We
    > have exim4 and MailScanner set up on his primary machine and also
    > his secondary MX. His primary gladly chunks mail for non-existent
    > users. However, anything that gets pushed to his secondary just gets
    > forwarded to the primary, and that can be a lot of crap. The two
    > systems are virtually mirrors, with just the slight config change for
    > exim on the secondary.
    >
    > I can't get my mind around this, although I know there has to be a
    > way. How can I have the secondary validate the recipient and not
    > simply forward it to the primary for delivery?


    1. extract the valid users list from /etc/passwd, /etc/aliases, and
    wherever else they may be.

    2. use scp/rsync or whatever to copy them to the MX backup.

    3. put them into a lookup file (hashed db or btree or whatever preferably
    for speed) for exim on the backup MX.

    4. put all of the above into a cron job. or script it so that you can just
    run one command to update the backup MX whenever you add/delete/change
    users and aliases.

    5. configure exim on the backup MX to use that lookup to validate relay
    recipient addresses.


    postfix has a relay_recipients lookup feature for this. dunno what the
    equivalent is in exim (or even if there is one), but there's probably
    some way to do it.


    craig

    --
    craig sanders (part time cyborg)
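
Steps 1 to 4 of the procedure in the post above, as an added example that is not part of the original thread. It writes a flat file for an Exim `lsearch` lookup rather than a hashed db; the target path, the `backup-mx` host name and the `UID_MIN` cut-off are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): steps 1-4 for a backup MX.
# Assumed names: /etc/exim4/valid_recipients, host "backup-mx", UID_MIN.

# build_recipient_list PASSWD_FILE ALIASES_FILE
# Prints every deliverable local part, lower-cased, sorted, de-duplicated.
build_recipient_list() {
    {
        # Step 1a: real accounts (UID >= UID_MIN, skipping "nobody").
        awk -F: -v min="${UID_MIN:-1000}" \
            '$3 >= min && $3 != 65534 { print $1 }' "$1"
        # Step 1b: alias names; comments and continuation lines are skipped.
        awk '/^[^# \t][^:]*:/ { sub(/[ \t]*:.*/, ""); print }' "$2"
    } | tr 'A-Z' 'a-z' | LC_ALL=C sort -u
}

# install_recipient_list NEW_LIST TARGET
# Step 3: refuse an empty list (it would make the backup MX reject every
# recipient), then replace TARGET atomically so Exim never reads half a file.
install_recipient_list() {
    if [ ! -s "$1" ]; then
        echo "refusing to install empty recipient list" >&2
        return 1
    fi
    cp "$1" "$2.new" && mv "$2.new" "$2"
}

# Steps 2 and 4: run from cron on the primary, e.g.
#   this-script /etc/passwd /etc/aliases /var/tmp/valid_recipients &&
#   rsync -a /var/tmp/valid_recipients backup-mx:/etc/exim4/valid_recipients
if [ "$#" -eq 3 ]; then
    build_recipient_list "$1" "$2" > "$3.tmp" &&
        install_recipient_list "$3.tmp" "$3" && rm -f "$3.tmp"
fi

# Step 5, as an assumed acl_smtp_rcpt fragment on the backup MX:
#   deny  domains      = +relay_to_domains
#         !local_parts = lsearch;/etc/exim4/valid_recipients
#         message      = unknown user
```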



  4. Re: MailScanner/Exim

    Craig Sanders wrote:

    > 5. configure exim on the backup MX to use that lookup to validate relay
    > recipient addresses.



    On both of these boxes, in your acl_smtp_rcpt, you could use something like:

    ##
    accept hosts = +relay_from_hosts
    endpass

    # (other rules, e.g. rate limiting, might go here)

    verify = recipient
    ##

    Obviously, you need to define your hostlist 'relay_from_hosts'.

    This will stop bogus addresses at SMTP time.

    Note: Having your MXes so willing to not accept mail at SMTP time does
    leave you open to directory harvest attempts. You want additional ACLs
    which log/limit unknown addresses.
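
One way to watch for the directory harvest attempts mentioned in the post above, as an added example that is not part of the original thread. It assumes Exim's default main-log format for `rejected RCPT` lines; the threshold and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): list client IPs that were refused
# many distinct recipients, i.e. likely directory-harvest probes.
# Assumes Exim's default main-log format for "rejected RCPT" lines.

# harvest_suspects LOGFILE THRESHOLD   (LOGFILE "-" reads stdin)
# Prints "ip count" for each client with >= THRESHOLD distinct rejected
# recipients, busiest first.
harvest_suspects() {
    awk -v limit="$2" '
        {
            cut = index($0, " rejected RCPT <")
            if (cut == 0) next
            # The HELO name is client-supplied and may itself look like
            # "[ip]", so take the LAST bracketed token before F=<sender>.
            head = substr($0, 1, cut - 1)
            sub(/ F=<.*/, "", head)
            host = ""
            while (match(head, /\[[0-9A-Fa-f:.]+\]/)) {
                host = substr(head, RSTART + 1, RLENGTH - 2)
                head = substr(head, RSTART + RLENGTH)
            }
            if (host == "") next
            rest = substr($0, cut + 16)
            rcpt = tolower(substr(rest, 1, index(rest, ">") - 1))
            if (!((host, rcpt) in seen)) { seen[host, rcpt] = 1; n[host]++ }
        }
        END { for (h in n) if (n[h] >= limit) print h, n[h] }
    ' "$1" | LC_ALL=C sort -k2,2nr -k1,1
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
2006-07-29 01:40:01 H=(mail.example.net) [192.0.2.10] F=<x@example.net> rejected RCPT <alice1@example.com>: Unrouteable address
2006-07-29 01:40:02 H=(mail.example.net) [192.0.2.10] F=<x@example.net> rejected RCPT <bob2@example.com>: Unrouteable address
2006-07-29 01:40:03 H=(mail.example.net) [192.0.2.10] F=<x@example.net> rejected RCPT <Bob2@example.com>: Unrouteable address
2006-07-29 01:40:04 H=(mail.example.net) [192.0.2.10] F=<x@example.net> rejected RCPT <carol3@example.com>: Unrouteable address
2006-07-29 01:41:00 H=([203.0.113.9]) [198.51.100.7] F=<y@example.org> rejected RCPT <typo@example.com>: Unrouteable address
EOF
}

sample_log | harvest_suspects - 3
```

A host with one mistyped recipient stays below the threshold, while the host that tried several different unknown local parts is reported.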




  5. Re: MailScanner/Exim

    On Sat, Jul 29, 2006 at 01:32:17AM -0400, tps wrote:
    > I can't get my mind around this, although I know there has to be a way.
    > How can I have the secondary validate the recipient and not simply
    > forward it to the primary for delivery?


    You need to use something like..

    accept
    domains = +relay_to_domains
    verify = recipient/callout=15s/callout_defer_ok

    In the RCPT ACL.

    This causes the server to connect to the primary and issue enough
    commands to check that the recipient exists, before accepting the
    mail itself. If it can't connect then it accepts it (for when/if
    the primary is down) anyway.

    If your primary is down often or if you get a very large amount of
    email going to the backup MXes then you will probably want to
    distribute the user list and write a check against that instead.

    Cheers,
    Andy

    --
    http://strugglers.net/wiki/Xen_hosting -- A Xen VPS hosting hobby
    Encrypted mail welcome - keyid 0x604DE5DB


