On Tue, May 19, 2009 at 1:58 PM, Noel Jones <njo...@megan.vbhcs.org> wrote:
>
> <post...@corwyn.net>
>>
>> Won't the mail just be forwarded to the primary mail server, who can
>> reject it there?
>>
>
> ... which then causes your server to generate a bounce to the (often
> forged) envelope sender. Your queue will be clogged with undeliverable
> bounces, choking performance for legit mail.
> Eventually you will deliver enough mail to f
orged senders that your server will be blacklisted as an
> outscatter/backscatter source.
>
I'm still not clear on how this is different than "normal".
Let's say I use a gmail account, and send it directly to my domain/main mail
server (Microsoft Exchange) to an invalid address. I get the following
bounce-back:
Delivered-To: testacco...@gmail.com
Received: by 10.220.74.197 with SMTP id v5cs94260vcj;
Fri, 22 May 2009 12:05:35 -0700 (PDT)
Received: by 10.224.2.212 with SMTP id 20mr4273331qak.343.1243019135083;
Fri, 22 May 2009 12:05:35 -0700 (PDT)
Return-Path: <>
Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x])
by mx.google.com with ESMTP id 5si4116455qwg.29.2009.05.22.12.05.28;
Fri, 22 May 2009 12:05:34 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmail.int.example.com designates
x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail=
Received: from (unknown [10.10.20.150]) by
webshield3200.int.example.comwith smtp
id 2198_176c0290_46ff_11de_b524_001422234860;
Fri, 22 May 2009 14:33:50 -0400
From: postmas...@example.com
To: testacco...@gmail.com
Date: Fri, 22 May 2009 15:05:26 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C9A571EDB220B2000062B8webmail.int.i"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <hn7lwxkxf00002...@webmail.int.example.com>
Subject: Delivery Status Notification (Failure)
Pretty much what I expect.
But let's say I set up my postfix mail server with the changes discussed
above and telnet into it (don't feel like updating DNS for a secondary MX).
Mail sent to a valid address works just fine (yay!).
When I send mail to my domain with an invalid address, again, I get a
bounceback, but it looks pretty much like the original bounceback when sent
directly:
Delivered-To: testacco...@gmail.com
Received: by 10.220.74.197 with SMTP id v5cs93288vcj;
Fri, 22 May 2009 11:56:18 -0700 (PDT)
Received: by 10.151.72.1 with SMTP id z1mr8254952ybk.170.1243018577774;
Fri, 22 May 2009 11:56:17 -0700 (PDT)
Return-Path: <>
Received: from webmail.int.example.com (Webmail2.example.com [x.x.x.x])
by mx.google.com with ESMTP id
23si7742750gxk.58.2009.05.22.11.56.17;
Fri, 22 May 2009 11:56:17 -0700 (PDT)
Received-SPF: pass (google.com: domain of webmail.int.example.com designates
x.x.x.x as permitted sender) client-ip=x.x.x.x;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
webmail.int.example.com designates x.x.x.x as permitted sender) smtp.mail=
Received: from (unknown [10.10.20.150]) by
webshield3200.int.example.comwith smtp
id 21e4_cf39f690_46fd_11de_88a2_001422234860;
Fri, 22 May 2009 14:24:39 -0400
From: postmas...@example.com
To: testacco...@gmail.com
Date: Fri, 22 May 2009 14:56:15 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C9A571EDB220B2000062B1webmail.int.i"
X-DSNContext: 335a7efd - 4523 - 00000001 - 80040546
Message-ID: <ivswsrlry00002...@webmail.int.example.com>
Subject: Delivery Status Notification (Failure)
So the behavior is the same when I use the primary with an invalid address,
or if I use the secondary with an invalid address. How am I becoming an
increased source of backscatter?
If the answer is, "your exchange server config is broken" well, perhaps, but
I didnt' set up (or own) that box. Setting up postfix as a secondary won't
break anything any worse than it already is, right?
rick
Rick
