Paul Cocker wrote:
Referring to the uppercase, I assume this is based around both machines
passing directly to the internal server. If, as we do, the secondary
forwards the mail onto the primary (which skips the secondary's headers
and examines those that came before) then such validation is not a
requirement to "good behaviour", correct?
you're still not getting it. you must implement recipient validation on
all servers that get connections from untrusted sources. period. it
doesn't matter if you call the server "secondary", "primary" or
"Virginia". the server must either have a copy of the list of valid
recipients or use reject_unverified_recipient.
when your secondary accepts a transaction, it queues the message and
will later pass it to the primary. this doesn't happen during the smtp
transaction. This is the famous "store and forward" mechanism. so if the
primary rejects a recipient, your secondary would generate a bounce. and
this is the thing we don't want. we want your secondary to reject (not
bounce).
http://spamlinks.net/prevent-secure-backscatter.htm
