Re: Email forwarding and RBL trouble

Thats the one

Ben

On 8/22/07, Rense Buijen <rense.buijen@chess.nl> wrote:
>
> ...thats it? So it will skip the IP of the second MX and do an RBL check
> against the IP who'm delivered it to the second MX? COOL! I thought it
> would just ignore everything and pass on the mail.... Thanks!
>
> Ben O'Hara wrote:
> > On 8/22/07, *Rense Buijen* <rense.buijen@chess.nl
> > <mailto:rense.buijen@chess.nl>> wrote:
> >
> > Hi Pawel,
> >
> > I dont think I can check the recipient, if it doesnt exist the
> > mailserver should send a normal bounce like every mailserver does,
> > right? So does the primary machine (Exchange) I dont see a
> > problem with
> > that.
> >
> > Do you know if there is another good setup without having to sync
> > all my
> > antispam stuff to my second MX? I would really just use forwarding
> if
> > that is possible. Can I not rewrite the last "Received" header? That
> > should work maybe?
> >
> >
> >
> > You dont have to, add your secondary mx to trusted_networks on the
> > primary and it will know the fact to do the RBL lookups on the host
> > that sent the mail to the secondary MX rather than the secondary mx
> > itself.
> >
> > Ben
> >
> > Kind regards,
> >
> > Rense
> >
> > Pawel Sasin wrote:
> > > Hi
> > >> I cannot utilize the trusted_networks settings because I cannot
> > trust
> > >> the mail that my backup MX sends to me.
> > >>
> > >> The backup MX does NO filtering at all, it just accepts ALL
> > mail that
> > >> has a certain destination domain and then forwards it to the
> > Primary
> > >> MX where SA is running, SA is doing all the filtering and
> > >> white/black/grey-listing.
> > >>
> > >> When SA is down (the Pri MX), it will just hold it until it
> > gets back
> > >> up. So basically all mail that comes from my second MX should be
> > >> checked for spam and virus, it has not capabilities of it's
> > own. It's
> > >> working like a charm were it not for my black/white/grey-lists
> and
> > >> the RBL's now all do lookups on the last known IP which is my
> > >> secondary MX.
> > >>
> > >> I don't think I am the first to utilize this method of
> > redundancy so
> > >> I figured there must be a way, I just dont know how :)
> > >> So please advice further, your (and everyones) help is greatly
> > >> appreciated.
> > >
> > > SA checks all 'Received' headers against RBLs.
> > >
> > > If you add secondary MX to trusted_networks, SA will just skip the
> > > header from your exim and continue with the rest.
> > >
> > > But there is another problem with such config:
> > > 1. see the numbers here http://nolisting.org/
> > > 2. does your dumb exim (secondary mx) check if the recipent
> address
> > > exists?
> > >
> > > If not you will end up sending tons of bounce messages to innocent
> > > people from your secondary MX. Even if it does, your primary MX
> can
> > > refuse a spammy message and then you will be generating even more
> > > bounce messages. This is not acceptable and you will end up in
> some
> > > RBLs yourself.
> > >
> >
> >
> > --
> > Met vriendelijke groeten,
> >
> > Rense Buijen
> > Chess Service Management
> > Tel.: 023-5149250
> > Email: Servicedesk@chess.nl <mailto:Servicedesk@chess.nl>
> >
> >
> >
> >
> > --
> > "A Scientist will earn a living by taking a really difficult problem
> > and spends many years solving it, an engineer earns a living by
> > finding really difficult problems and side stepping them"
>
>
> --
> Met vriendelijke groeten,
>
> Rense Buijen
> Chess Service Management
> Tel.: 023-5149250
> Email: Servicedesk@chess.nl
>
>

-- 
"A Scientist will earn a living by taking a really difficult problem and
spends many years solving it, an engineer earns a living by finding really
difficult problems and side stepping them"