On Tue, May 19, 2009 at 1:58 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
> <post...@corwyn.net>
>> Won't the mail just be forwarded to the primary mail server, who can
>> reject it there?
>
> ... which then causes your server to generate a bounce to the (often
> forged) envelope sender. Your queue will be clogged with undeliverable
> bounces, choking performance for legit mail.
> Eventually you will deliver enough mail to forged senders that your server will be blacklisted as an
> outscatter/backscatter source.

I'm still not clear on how this is different than "normal". Let's say I use a gmail account, and send it directly to my domain/main mail server (Microsoft Exchange) to an invalid address. I get the following bounce-back:

Delivered-To: testacco...@gmail.com
Received: by 10.220.74.197 with SMTP id v5cs94260vcj;
        Fri, 22 May 2009 12:05:35 -0700 (PDT)
Received: by 10.224.2.212 with SMTP id 20mr4273331qak.343.1243019135083;
        Fri, 22 May 2009 12:05:35 -0700 (PDT)
Return-Path: <>
Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x])
        by mx.google.com with ESMTP id 5si4116455qwg.29.2009.05.22.12.05.28;
        Fri, 22 May 2009 12:05:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmail.int.example.com designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail=
Received: from (unknown [10.10.20.150]) by webshield3200.int.example.com with smtp
        id 2198_176c0290_46ff_11de_b524_001422234860;
        Fri, 22 May 2009 14:33:50 -0400
From: postmas...@example.com
To: testacco...@gmail.com
Date: Fri, 22 May 2009 15:05:26 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C9A571EDB220B2000062B8webmail.int.i"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <hn7lwxkxf00002...@webmail.int.example.com>
Subject: Delivery Status Notification (Failure)

Pretty much what I expect.
But let's say I set up my postfix mail server with the changes discussed above and telnet into it (don't feel like updating DNS for a secondary MX). Mail sent to a valid address works just fine (yay!). When I send mail to my domain with an invalid address, again, I get a bounceback, but it looks pretty much like the original bounceback when sent directly:

Delivered-To: testacco...@gmail.com
Received: by 10.220.74.197 with SMTP id v5cs93288vcj;
        Fri, 22 May 2009 11:56:18 -0700 (PDT)
Received: by 10.151.72.1 with SMTP id z1mr8254952ybk.170.1243018577774;
        Fri, 22 May 2009 11:56:17 -0700 (PDT)
Return-Path: <>
Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x])
        by mx.google.com with ESMTP id 23si7742750gxk.58.2009.05.22.11.56.17;
        Fri, 22 May 2009 11:56:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmail.int.example.com designates x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail=
Received: from (unknown [10.10.20.150]) by webshield3200.int.example.com with smtp
        id 21e4_cf39f690_46fd_11de_88a2_001422234860;
        Fri, 22 May 2009 14:24:39 -0400
From: postmas...@example.com
To: testacco...@gmail.com
Date: Fri, 22 May 2009 14:56:15 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C9A571EDB220B2000062B1webmail.int.i"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <ivswsrlry00002...@webmail.int.example.com>
Subject: Delivery Status Notification (Failure)

So the behavior is the same when I use the primary with an invalid address, or if I use the secondary with an invalid address. How am I becoming an increased source of backscatter?

If the answer is, "your exchange server config is broken" well, perhaps, but I didn't set up (or own) that box. Setting up postfix as a secondary won't break anything any worse than it already is, right?
rick Rick
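
Added example, not part of the original post: a Python check that reads a bounce's headers and tells whether the DSN was generated by the recipient domain's servers after they accepted the message (the backscatter case described in the quoted reply) or by the sender's own provider after an in-session rejection. The sample headers are constructed (modelled on the ones quoted above, with made-up addresses and IP), and the function and constant names are hypothetical.

```python
import re
from email.parser import HeaderParser
from email.utils import parseaddr

ACCEPTED_THEN_BOUNCED = "accepted-then-bounced"   # recipient side sent the DSN
REJECTED_IN_SESSION = "rejected-in-session"       # sender's own MTA sent the DSN

# Constructed sample: DSN that arrived over SMTP from the recipient's domain.
BOUNCE_FROM_RECIPIENT_SIDE = """\
Return-Path: <>
Received: from webmail.int.example.com (Webmail2.example.com [192.0.2.10])
        by mx.google.com with ESMTP id sample1; Fri, 22 May 2009 12:05:34 -0700
From: postmaster@example.com
To: user@gmail.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b"
Subject: Delivery Status Notification (Failure)

"""

# Constructed sample: DSN created locally by the sender's provider after a 5xx.
BOUNCE_FROM_SENDER_SIDE = """\
Return-Path: <>
Received: by 10.220.74.197 with SMTP id sample2; Fri, 22 May 2009 12:05:35 -0700
From: Mail Delivery Subsystem <mailer-daemon@googlemail.com>
To: user@gmail.example
Content-Type: multipart/report; report-type=delivery-status; boundary="c"
Subject: Delivery Status Notification (Failure)

"""

def host_in_domain(host, domain):
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def classify_dsn(raw_headers, recipient_domain):
    """Return who generated the DSN, or None if the message is not a DSN."""
    msg = HeaderParser().parsestr(raw_headers)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and msg.get_param("report-type") == "delivery-status"
              and msg.get("Return-Path", "").strip() == "<>")  # null sender
    if not is_dsn:
        return None
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    received = msg.get_all("Received") or []
    # Topmost Received header: which host handed the DSN to the final MX.
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    relay = m.group(1) if m else ""
    if host_in_domain(from_domain, recipient_domain) or host_in_domain(relay, recipient_domain):
        return ACCEPTED_THEN_BOUNCED
    return REJECTED_IN_SESSION
```

A result of `accepted-then-bounced` means the recipient's side took responsibility for the message and then mailed a bounce to the envelope sender, which is the address a spammer would forge.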