Found this new post at Directadmin Knowledgebase, so thought that everybody here should check it out, looks good and easy too
http://help.directadmin.com/item.php?id=167
http://help.directadmin.com/item.php?id=167
How to setup exim as a backup MX server
- Thread starter albatroz
- Start date
nobaloney
NoBaloney Internet Svcs - In Memoriam †
This will certainly allow exim on your DA server to accept email for these domains, but it won't check to make sure the mailboxes really exist.
I believe that this may, in the case of a dictionary spam attack, cause a lot of collateral spam as your server attempts to send notices back to senders who never sent it.
I've written John and have asked him to comment on what he feels the ramifications may be.
Jeff
I believe that this may, in the case of a dictionary spam attack, cause a lot of collateral spam as your server attempts to send notices back to senders who never sent it.
I've written John and have asked him to comment on what he feels the ramifications may be.
Jeff
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Ok, I agree. Isn't that the only time it's important for a backup MX? Personally I won't run any kind of backup MX that doesn't properly handle spam. If you want to, then tell me what you plan on doing with it if you collect it on your backup MX server for users that don't exist. Are you going to try to return it? (Warning, if you do, you'll end up on blocklists rather quickly), or are you going to throw it away (in which case you're in violation of RFCs)?
To me these are important issues; they may not be to you.
Jeff
To me these are important issues; they may not be to you.
Jeff
nobaloney
NoBaloney Internet Svcs - In Memoriam †
I don't use backup mx servers. Since according to RFCs you get up to four days of delivery attempts before undeliverable mail is returned, and since I've never had a mailserver down nearly that long, I just don't see the reason.
No, it's not against the RFCs to disregard the non-valid user. Not when you accept the mail.
But once you accept the mail you're responsible for either delivering it or returning it.
So once your main server comes back up and you deliver the email to the main server, if the user doesn't exist, then it won't accept the email. Now you've got a piece of mail you can't deliver. Can you return it? Sure. But if it's spam, it came from a forged address. So when you think you're returning it, what you're really doing is called spamming the innocent user who had the misfortune of having his email address forged.
When you do that to us and lots of admins like us, who take spam seriously, you get into several blocklists very quickly, because that's the second largest source of spam on the Internet.
Jeff
No, it's not against the RFCs to disregard the non-valid user. Not when you accept the mail.
But once you accept the mail you're responsible for either delivering it or returning it.
So once your main server comes back up and you deliver the email to the main server, if the user doesn't exist, then it won't accept the email. Now you've got a piece of mail you can't deliver. Can you return it? Sure. But if it's spam, it came from a forged address. So when you think you're returning it, what you're really doing is called spamming the innocent user who had the misfortune of having his email address forged.
When you do that to us and lots of admins like us, who take spam seriously, you get into several blocklists very quickly, because that's the second largest source of spam on the Internet.
Jeff
danellison
Verified User
Very interesting discussion. I understand exactly what jlasman is saying here and his points are dead on. None the less, I have a situation where I think that a backup mx is required for at least a short period of time during a migration from one service to another.
Will the exim setting "require_verify" help with this situation at all j? I am so new to exim I don't know where this test is taking place in the process or how dependable it is
Thanks!
Dan Ellison,
Concepte of Illinois
Will the exim setting "require_verify" help with this situation at all j? I am so new to exim I don't know where this test is taking place in the process or how dependable it is
Thanks!
Dan Ellison,
Concepte of Illinois
sender verify will drop a percentage of the spam, however like Jeff said, spammers can use valid forged email addresses, there for, once your backup mx delivers the mail to your primary mx and your primary mx, says undeliverable, it will then spam that persons email address, which your secondary mx said was actually valid.
The best, safe and only way this should really be implemented is with a list of email addresses that you will only accept email for on your seconday mx which are valid on your primary
The best, safe and only way this should really be implemented is with a list of email addresses that you will only accept email for on your seconday mx which are valid on your primary
Very interesting discussion. I understand exactly what jlasman is saying here and his points are dead on. None the less, I have a situation where I think that a backup mx is required for at least a short period of time during a migration from one service to another.
Will the exim setting "require_verify" help with this situation at all j? I am so new to exim I don't know where this test is taking place in the process or how dependable it is
Thanks!
Dan Ellison,
Concepte of Illinois
nobaloney
NoBaloney Internet Svcs - In Memoriam †
No, in a properly configured exim server (in other words if you're using any of the exim.conf files we've delivered within the past several years, we don't bounce forged email; we check to see if the user exists, and if not, we don't accept the mail.
Subtle difference? Maybe to you, but to the Internet it saves tens of millions of spams daily from being sent.
Jeff
Subtle difference? Maybe to you, but to the Internet it saves tens of millions of spams daily from being sent.
Jeff
OK, been digging around and found some info that might be helpful
Found at this URL:
EximSecondary
I think that is getting closer to what I am looking for (and maybe others)
Found at this URL:
EximSecondary
I think that is getting closer to what I am looking for (and maybe others)
nobaloney
NoBaloney Internet Svcs - In Memoriam †
First: this suggestion will only work as written if you're using the exim files supplied by Debian. You're not, even if you've got a debian server. DirectAdmin uses it's own modified version of exim so as to deal with DirectAdmin's various features including multiple virtual domains.
Second: this really doesn't do much. Do you know the purpose of the local_rcpt_callout file? If not, look here.
Then look here for an explanation of the purpose of recipient callout (scroll down and look for Recipient Callout Verification).
The purpose of recipient callout verification is to make sure that an eventual recipient (i.e., for a forwarded email) is available so you don't end up freezing lots of messages in your queue. When your eventual recipient server is down the code you've suggested will simply delay the receipt of the message.
In the case of a backup server, it won't even be used unless the recipient server is down. So all incoming email will be delayed, and after four hours a message will be sent to the sender letting him/her know that the mail is being delayed. It will be tried for up to four days and then returned to the sender.
Which is exactly what a normally functioning server does now if you don't have a backup mx server.
I still don't see any reason to have a backup mx server.
And in case you were wondering, we don't implement this code in DA to help in it's original purpose because of the complexity in keeping up with all the various forwarding addresses; it works best in a small single-domain environment where the sysadmin keeps track of all email addresses on the server.
Jeff
Second: this really doesn't do much. Do you know the purpose of the local_rcpt_callout file? If not, look here.
Then look here for an explanation of the purpose of recipient callout (scroll down and look for Recipient Callout Verification).
The purpose of recipient callout verification is to make sure that an eventual recipient (i.e., for a forwarded email) is available so you don't end up freezing lots of messages in your queue. When your eventual recipient server is down the code you've suggested will simply delay the receipt of the message.
In the case of a backup server, it won't even be used unless the recipient server is down. So all incoming email will be delayed, and after four hours a message will be sent to the sender letting him/her know that the mail is being delayed. It will be tried for up to four days and then returned to the sender.
Which is exactly what a normally functioning server does now if you don't have a backup mx server.
I still don't see any reason to have a backup mx server.
And in case you were wondering, we don't implement this code in DA to help in it's original purpose because of the complexity in keeping up with all the various forwarding addresses; it works best in a small single-domain environment where the sysadmin keeps track of all email addresses on the server.
Jeff
nobaloney
NoBaloney Internet Svcs - In Memoriam †
You're absolutely right.
But what exactly is the value of a backup MX server that's going to do exactly the same thing as not having it is going to do:
Email will be delayed for up to four hours by the backup server, because it doesn't know if the email address is valid on the main server. After that four hours the sender is going to be notified daily for up to four days. After four days, the email is going to be delayed forever with a notice to the original sender every 24 hours.
And the advantage of this is?
Thanks.
Jeff
But what exactly is the value of a backup MX server that's going to do exactly the same thing as not having it is going to do:
Email will be delayed for up to four hours by the backup server, because it doesn't know if the email address is valid on the main server. After that four hours the sender is going to be notified daily for up to four days. After four days, the email is going to be delayed forever with a notice to the original sender every 24 hours.
And the advantage of this is?
Thanks.
Jeff
Personally, assuming that every other mail server is "doing the right thing" is a foolish stance to take. I know many mail server do _not_ spool undeliverable email for 4 days, like during an outage. I recently had a 16 hour outage and can state as a matter of fact that many emails were being returned to the senders after just 2 hours, by various ISPs.
To many people, email is business and business is money. Investigating methods to ensure that my customers get their email is all I am doing here.
Again, I know your opinion differs.
To many people, email is business and business is money. Investigating methods to ensure that my customers get their email is all I am doing here.
Again, I know your opinion differs.
Thanks! Exactly what I was looking for!
I was having the problem where I was being unable to verify recipients for the machines I was doing secondary MX for and was therefore generating backscatter.... thanks to all; this exim config worked exactly right for me.
I was having the problem where I was being unable to verify recipients for the machines I was doing secondary MX for and was therefore generating backscatter.... thanks to all; this exim config worked exactly right for me.
nobaloney
NoBaloney Internet Svcs - In Memoriam †
mjk,
Now, a year later, I see some value in backup MX, but I still don't know how to easily implement it.
wmjosiah,
Do you avoid generating backscatter, and still get proper delivery, even when those primary MX servers are down?
If so, are you running DirectAdmin?
Thanks.
Jeff
Now, a year later, I see some value in backup MX, but I still don't know how to easily implement it.
wmjosiah,
Do you avoid generating backscatter, and still get proper delivery, even when those primary MX servers are down?
If so, are you running DirectAdmin?
Thanks.
Jeff