I don't know in details how this is working on sambar, but I don't see any major treats for abuse.
What Sambat dos is to relay to that domain - not from. But your right, anyone can send to this domain using the backup server first in sted of the main server. And this can (and will) be used by spammers - the result may be, that rbl chek on the main server migth not get the spam mail. I see that often, when I have put a backup server in my mx-record. A solution is to use a backup server with the same rbl chek as your own - if posseble. Or Tod can add the possebility to chek more than the last ip in the header (he promised to have this in mind - maybe for the 6.0). Claus On 13/Mar/2003 11:24:38, M. Skeoch \(CDS\) wrote: > This should work, and some ISP's do it this way. However, I have only > seen this done on a secured Intranet. If this is done over the open > Internet then anyone can masquerade as *whatever.com and relay messages > through the backup server. You will have to remove SMTP auth and add > additional restriction rules (only accept relay from [this ip]) to > combat this. But this might kill your ability to accept mail for your > own domain. > > I believe you will have to have a dedicated backup machine for this to > work properly. > > I am not aware of the full capability of the Sambar MX. All the mail > servers I have dealt with require auth on any relay via IP or login (or > both) when SMTP auth is on. > > Matt. > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Claus Lund > Sent: March 13, 2003 10:45 AM > To: sambar List Member > Subject: [sambar] relay {11} > > No need to make this so complicated... > > 1. > The guy who need the mail backup add a second mx-record for he's domian > pointing to the backup server. When he's server (the first mx-record) is > down the mail will be sent to the backup server. > > 2. > At the backup server running Sambar just add the domain to mail.ini -> > Relay Domains. When mails for this domain is recived on the backup > server, the backup server will try to send (relay) it to the recipient. > The backup server will repeat this every 2 (or 4?) hour for 2 days, or > until the mail is sent succesfully. > > This is the way to do it. It works for me, but I will like to run a > test, if one of you have a domain to test it on - and you can manage > your mx-record your selv. > > There may be problems with auth... > > But how many of you need to have users outside your lan sending trough > your server? If you don't need this I see no need for auth - correct me > if I'm wrong. > > Regards, Claus > > > On 13/Mar/2003 07:33:46, Danny Mallory wrote: > > Guys, > > I don't understand what relay domains has to do with MX.. All relay > domains is saying is let anyone with that domain in their from to send > mail(SMTP) through my server.. What Rodney is wanting to do is MX which > means he wants to receive the mail.. In that case Rodneys mail server > has to recognize the message as a Local Domain, and then he has to route > it to a local mailbox.. Now, after he gets the message he has to figure > out how to get the mail over to his buddies machine once his buddies > machine is back up and running. > > > > Now first thought for this, I would think his buddy would just run > some fetchers that constantly pull from Rodneys mailboxes, however, in > this case you would not ever want the users doing pop3 to Rodeys box > because potentially users would be stuck there(dns) while their mail is > on the other server. > > > > Another wild hair I could pull out is if both Rodney and his friends > mail servers were DNS servers(ns1,ns2).. Each with "different" mx and > smtp settings, so that if one of them were down, the other DNS server > would give different IP info to smtp and pop3's.. The downside to this > is those DNS cache resolvers in win2k world resulting in the same > downside as the previous paragraph. > > > > SMTP relaying(outbound) is easy.. The receiving part is where the pain > is. > > > > Danny > > > > On 13/Mar/2003 10:00:22, Claus Lund wrote: > > > No, I don't "require auth". I restrict relay to my lan only, and > don't see the need for it. And I'm not a open relay - I'm very aware of > that problem. > > > > > > Maybe "require auth" is your problem as Matt mention to... > > > > > > The 5.3 prod. will be out in e few weeks I belive... maybe it will > do it for you... or maybe it's just the same :) > > > > > > Claus > > > > > > On 13/Mar/2003 01:49:24, Rodney Richison wrote: > > > > You got it. That is what I want to do. I only want to do backup mx > service > > > > for him. Am using version 5.2. The option is there. I tried a beta > before on > > > > the production server and swore I'd never do that again. :) > > > > > > > > Let me ask you something. Do you have "require auth" enabled on > these test > > > > machines? Just curious. > > > > > > > > > > > > Highest Regards, > > > > __________________________________________________________________ > Rodney > > > > Richison 918-358-1111 www.rcrnet.net + > > > > __________________________________________________________________ > > > > ----- Original Message ----- > > > > From: "Claus Lund" <[EMAIL PROTECTED]> > > > > To: "sambar List Member" <[EMAIL PROTECTED]> > > > > Sent: Thursday, March 13, 2003 1:20 AM > > > > Subject: [sambar] relay {07} > > > > > > > > > > > > > I belive "Relay Domains" is a new feature in the 5.3 betas, and > I have > > > > been testing it on 2 servers of my own, using one of the latest > releases. > > > > > > > > > > You just have to add the domain you want to act as bacup for in > the > > > > mail.ini -> Relay Domains. And don't add in as Local Domains. > > > > > > > > > > And for the domain that need the backup, you have to add you > backup server > > > > in the mx record. > > > > > > > > > > I worked fine for me, but I would like to test it for a server > outside my > > > > lan, so if some one here have a domain for testing, let me know. > > > > > > > > > > What Sambar version are you using Rodney? > > > > > > > > > > Regards, Claus > > > > > > > > > > On 13/Mar/2003 00:22:43, Danny Mallory wrote: > > > > > > You are somewhat correct in that your mail server could be > used as a > > > > outbound mail relay.. Meaning.. If he goes down then his users > could use you > > > > as an SMTP server to send mail out(allow relaying).. However the > check you > > > > are doing is apparently resolving your ip as one of the MX > exchangers which > > > > means that you are also supposed to be accepting mail for him.. If > that is > > > > the case then you need to setup his accounts so that your mail > server will > > > > accept his mailboxes.. Then figure out how to push the mail back > to his > > > > server when hes back up. Including postmaster.. Hopefully someone > else here > > > > can speak up if I am out of line on making all this work > seamlessly to the > > > > client. > > > > > > > > > > > > Danny > > > > > > > > > > > > On 12/Mar/2003 23:50:26, Rodney Richison wrote: > > > > > > > Ok, Let me start all over. > > > > > > > > > > > > > > I've a buddy that wants to host his own mail. He wants me to > be a > > > > backup > > > > > > > mail server for him in case he goes down for awhile. > > > > > > > > > > > > > > From what I see in the docs, you should simply put > *fineimages.com in > > > > the > > > > > > > relay domains. At that point, any and all mail destined for > > > > fineimages.com > > > > > > > should be forwarded to his server. This is not happening. > Instead, > > > > sambar is > > > > > > > rejecting the mail saying the user doesn't exist. There are > no users > > > > on my > > > > > > > system for fineimages.com. I'm just doing backup relay for > him. Or > > > > trying > > > > > > > to... > > > > > > > > > > > > > > > > > > > > > > > > > > > > Highest Regards, > > > > > > > > __________________________________________________________________ > > > > Rodney > > > > > > > Richison 918-358-1111 www.rcrnet.net + > > > > > > > > __________________________________________________________________ > > > > > > > ----- Original Message ----- > > > > > > > From: "Danny Mallory" <[EMAIL PROTECTED]> > > > > > > > To: "sambar List Member" <[EMAIL PROTECTED]> > > > > > > > Sent: Wednesday, March 12, 2003 11:28 PM > > > > > > > Subject: [sambar] relay {04} > > > > > > > > > > > > > > > > > > > > > > Maybe I am not clear of what all your issues are.. > Basically your > > > > email > > > > > > > states that you were getting rejects for postmaster.. This > is because > > > > the > > > > > > > mail server that is being delivered to either > > > > > > > > a:) does not accept mail for that domain (local domain > list) > > > > > > > > b:) does not have a generic postmaster accept. > > > > > > > > > > > > > > > > My statement was that you either have to create a > > > > [EMAIL PROTECTED] > > > > > > > for each of your domains or just create a alias as I > mentioned that > > > > will > > > > > > > accept [EMAIL PROTECTED] > > > > > > > > > > > > > > > > Is there something else broken that im not seeing in your > message? > > > > > > > > > > > > > > > > Danny > > > > > > > > > > > > > > > > > > > > > > > > On 12/Mar/2003 23:11:43, Rodney Richison wrote: > > > > > > > > > Hi Danny, > > > > > > > > > > > > > > > > > > I was not clear. Since I'm doing backup mx for him, > shouldn't my > > > > machine > > > > > > > > > accept ANY mail going to fineimages.com and hold it for > him? I > > > > should > > > > > > > have > > > > > > > > > to set up any mail accounts for him right? > > > > > > > > > > > > > > > > > > I put him in local domains to see if that will help. > Dang it, I > > > > know > > > > > > > this is > > > > > > > > > simple. I'm just not seeing the light! > > > > > > > > > > > > > > > > > > Highest Regards, > > > > > > > > > > __________________________________________________________________ > > > > > > > Rodney > > > > > > > > > Richison 918-358-1111 <A > > > > HREF="http://www.rcrnet.net";>www.rcrnet.net</a> > > > > > > > + > > > > > > > > > > __________________________________________________________________ > > > > > > > > > ----- Original Message ----- > > > > > > > > > From: "Danny Mallory" <[EMAIL PROTECTED]> > > > > > > > > > To: "sambar List Member" <[EMAIL PROTECTED]> > > > > > > > > > Sent: Wednesday, March 12, 2003 10:36 PM > > > > > > > > > Subject: [sambar] relay {02} > > > > > > > > > > > > > > > > > > > > > > > > > > > > create an email alias to cover all your domains. > > > > > > > > > > ie; > > > > > > > > > > postmaster = [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > It is an RFC requirement for both your mail server and > your dns > > > > > > > servers to > > > > > > > > > report/allow an authorized administrator. > > > > > > > > > > > > > > > > > > > > Danny > > > > > > > > > > > > > > > > > > > > On 12/Mar/2003 18:26:22, Rodney Richison wrote: > > > > > > > > > > > Want to set up backup mx for another guy. Though I > entered > > > > them in > > > > > > > the > > > > > > > > > > > relay domain, sambar is giving this: > > > > > > > > > > > > > > > > > > > > > > ************************************************* > > > > > > > > > > > ERROR: One or more of your mailservers does not > accept mail to > > > > > > > > > > > [EMAIL PROTECTED] Mailservers are required > (RFC822 > > > > 6.3, > > > > > > > RFC1123 > > > > > > > > > > > 5.2.7, and RFC2821 4.5.1) to accept mail to > postmaster. > > > > > > > > > > > > > > > > > > > > > > mailserv.rcrnet.net's postmaster response: > > > > > > > > > > > > > > > > > > > > > > >>> RCPT TO: <[EMAIL PROTECTED]> > > > > > > > > > > > > > > > > > > > > > > <<< 501 Invalid mail recipient. Relay requires SMTP > AUTH. > > > > > > > > > > > *************************************************** > > > > > > > > > > > > > > > > > > > > > > What am I forgetting to do gentlemen? > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > > > > > To unsubscribe please go to <A TARGET="_blank" > > > > > > > > > > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</a> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > > > > To unsubscribe please go to <A TARGET="_blank" > > > > > > > > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</a> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > > > To unsubscribe please go to <A TARGET="_blank" > > > > > > > > HREF="http://www.sambar.ch/list/";>http://www.sambar.ch/list/</a> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > > > > > > > > > ------------------------------------------------------- > > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > > > > > ------------------------------------------------------- > > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > > > > > ------------------------------------------------------- > > To unsubscribe please go to http://www.sambar.ch/list/ > > > > > > > ------------------------------------------------------- > To unsubscribe please go to http://www.sambar.ch/list/ > ------------------------------------------------------- > To unsubscribe please go to http://www.sambar.ch/list/ > > > ------------------------------------------------------- To unsubscribe please go to http://www.sambar.ch/list/
