Milter-greylist

Backup MX: verifying addresses

2006-12-08 by Oliver Fromme

Hi,

I'm sorry this is somewhat off-topic because it's not
directly related to milter-greylist.  But it has to do
with anti-spam and milters in general, and there seem
to be a lot of knowledgeable people about those topics
in this list ...

There's a mailserver (primary MX) with a bunch of users.
It's using milter-greylist, greet_pause, some custom-made
filtering with maildrop and some other things, and it's
working quite well.

Now the problem:  There's a backup MX (secondary) whose
sole purpose is to accept and spool mails if the primary
MX is down for some reason, and then send the queued stuff
to the primary when it's up again.  The secondary doesn't
know about valid users on the primary, so it accepts _all_
mails.  Most of them are spam or spam-probes to non-existing
addresses.  (Spammers seem to prefer secondaries even if the
primary MX is available ...  Maybe they think that on backup
mail servers there are less anti-spam measures.  Or maybe
they simply don't care about the MX priorities and send
their crap to a random MX.)

Of course, what happens is this:  As soon as the secondary
tries to relay the mails to the primary, it gets a "user
unknown" reply, which leads to a bounce message which is
either sent back to innocent people (because of forged
sender addresses) or stays in the mailq on the secondary
for a long time (because the bounce cannot be delivered to
the sender for various reasons).

So the result of the situation is that the secondary gets
a huge mail queue which is full of bounces that never will
be delivered (and expire after five days, generating
postmaster mails).  And furthermore, the secondary is sending
lots of bogus delivery errors to innocent people.

Is there a _simple_ solution to solve the problem?

Of course, one possibility would be to duplicate all users,
aliases, virtusertable etc. from the primary to the
secondary's virtusertable, so it knows all valid addresses.  But
I don't want to do that, because the secondary shouldn't
know about users on the primary (both are operated by
different people that don't need to know each other).
It would also make administration much more difficult,
because whenever an alias or user is added or changed,
I would need to arrange for the same change on the
secondary.  (In case of multiple backup MX servers it
gets even worse.)

My idea is to have a milter that tells the secondary's
sendmail which addresses are valid on the primary.  For
that purpose, it would connect to the primary and perform
a VRFY on the address.  The milter could cache the result
for a few minutes, so the load on the primary would be
reduced.  If the primary is down, the milter would have
to accept all addresses, of course (unless they're cached
to be invalid).

Does such a milter exist?  I searched Google up and down,
but couldn't find anything.  Or are there different
solutions for the problem that I overlooked so far?

Best regards
   Oliver

PS:  VRFY is usually disabled via PrivacyOptions in
sendmail, but I think it's possible to enable it for certain
hosts only via Srv_Features in access.db.  I haven't tried
that myself, though.

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Life is short (You need Python)"
        -- Bruce Eckel, ANSI C++ Committee member, author
           of "Thinking in C++" and "Thinking in Java"
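The decision logic the post sketches (probe the primary with VRFY, cache the answer for a few minutes, accept everything while the primary is unreachable unless the address is already cached as invalid) is shown below as an added example; it is not code from the original message or from milter-greylist, and it is not a milter itself, only the verifier a milter's RCPT callback would consult. The names `RecipientVerifier`, `vrfy_probe`, `classify_vrfy_reply` and the host `primary-mx.example.invalid` are placeholders chosen here. A 252 reply (the usual answer when VRFY is disabled) is treated as undetermined rather than as a yes or a no, so it also fails open.

```python
"""Recipient verification for a backup MX: VRFY against the primary, TTL cache, fail open."""
import smtplib
import time
from typing import Callable, Dict, Optional, Tuple

# True  = primary confirms the mailbox exists
# False = primary says the mailbox does not exist
# None  = undetermined (primary down, temporary error, VRFY disabled / 252)
ProbeResult = Optional[bool]


def classify_vrfy_reply(code: int) -> ProbeResult:
    """Map an SMTP VRFY reply code to a verdict.

    250/251 confirm the mailbox, 252 means "cannot verify" and is neither
    answer, 5xx is a firm rejection, anything else (4xx etc.) is undetermined.
    """
    if code in (250, 251):
        return True
    if code == 252:
        return None
    if 500 <= code <= 599:
        return False
    return None


def vrfy_probe(primary_host: str, address: str, timeout: float = 10.0) -> ProbeResult:
    """Connect to the primary MX and issue VRFY for one address.

    Connection or protocol failures yield None so the caller fails open,
    which is what the post requires when the primary is down.
    """
    try:
        with smtplib.SMTP(primary_host, 25, timeout=timeout) as smtp:
            code, _msg = smtp.verify(address)
            return classify_vrfy_reply(code)
    except (smtplib.SMTPException, OSError):
        return None


class RecipientVerifier:
    """Per-recipient accept/reject decisions for the backup MX, with a TTL cache."""

    def __init__(self, probe: Callable[[str], ProbeResult], ttl_seconds: float = 300.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._probe = probe
        self._ttl = ttl_seconds
        self._clock = clock
        # address -> (verdict, expiry); only firm answers (True/False) are cached
        self._cache: Dict[str, Tuple[bool, float]] = {}

    @staticmethod
    def _normalize(address: str) -> str:
        # Cache key: trimmed, domain part lowercased (local parts stay as given).
        local, sep, domain = address.strip().partition("@")
        return local + sep + domain.lower()

    def _cached_verdict(self, address: str) -> Optional[bool]:
        entry = self._cache.get(address)
        if entry is None:
            return None
        verdict, expires_at = entry
        if self._clock() >= expires_at:
            del self._cache[address]
            return None
        return verdict

    def decide(self, address: str) -> Tuple[str, str]:
        """Return ("accept" | "reject", reason) for one RCPT TO address."""
        address = self._normalize(address)
        cached = self._cached_verdict(address)
        if cached is not None:
            # A cached "invalid" keeps rejecting even while the primary is unreachable.
            return ("accept" if cached else "reject", "cached")
        result = self._probe(address)
        if result is None:
            # Undetermined: never cached and never bounced; the primary decides later.
            return ("accept", "undetermined")
        self._cache[address] = (result, self._clock() + self._ttl)
        return ("accept" if result else "reject", "probed")


if __name__ == "__main__":
    # Placeholder host; a real deployment points this at the primary MX.
    verifier = RecipientVerifier(lambda a: vrfy_probe("primary-mx.example.invalid", a))
    print(verifier.decide("someone@example.invalid"))
```

Only `vrfy_probe` talks SMTP; the cache and the fail-open rule live in `RecipientVerifier`, so where VRFY cannot be enabled per host the same verifier works with a probe that sends `RCPT TO` instead and maps the reply codes the same way.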
