[pfx] Re: delivery loop?
On 2023-05-22 at 19:53:11 UTC-0400 (Tue, 23 May 2023 07:53:11 +0800) Tom Reed via Postfix-users is rumored to have said: PS: Why do you (think you) need a backup MX? Hello I am not sure why I need a backup mx indeed, If you don't know why you want the added complexity, you do not want the added complexity. (See Also: "Cargo Cult") but if you make a simple dig, you find gmail, fastmail, protonmail, comcast, free.fr those big providers do have backup MXs. And they handle thousands of simultaneous SMTP sessions 24x7x365. Do you need that sort of scale? Though yahoo, outlook don't have backup MX as a comparison. Right, because multiple MXs are really NOT made necessary by scale, that's just a feature of some possible scaling architectures. The historical justification for the complexity of MX records was the Internet of the 1980s. That complexity (or robustness, if you prefer) turned out to be useful in the scaling of mail to hundreds of millions of users in thousands of domains in essentially unified systems with very high availability to 100% of the open Internet. If you do not have connectivity like the 1980s or scale like Google or GMX, you should have some *architectural* justification for a backup MX. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
Hello. It really depends on your mail volume and the reliability of your primary MX hostname. Typically the RFC permits mail to be delayed for up to 5 days at which mail will bounce back as undeliverable. For most low-volume sites, a primary only MX configuration is fine. Both of those domains have either Round-Robin DNS or multiple MX servers which provide a similar function. outlook.com mail is handled by 5 outlook-com.olc.protection.outlook.com. outlook-com.olc.protection.outlook.com has address 104.47.14.33 outlook-com.olc.protection.outlook.com has address 104.47.13.33 Yahoo has multiple server weight 1 servers providing redunancy. yahoo.com mail is handled by 1 mta6.am0.yahoodns.net. yahoo.com mail is handled by 1 mta5.am0.yahoodns.net. yahoo.com mail is handled by 1 mta7.am0.yahoodns.net Thanks Matthew On 5/22/2023 6:53 PM, Tom Reed via Postfix-users wrote: PS: Why do you (think you) need a backup MX? Hello I am not sure why I need a backup mx indeed, but if you make a simple dig, you find gmail, fastmail, protonmail, comcast, free.fr those big providers do have backup MXs. Though yahoo, outlook don't have backup MX as a comparison.___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
Tom Reed via Postfix-users skrev den 2023-05-23 01:53: I am not sure why I need a backup mx indeed, but if you make a simple dig, you find gmail, fastmail, protonmail, comcast, free.fr those big providers do have backup MXs. Though yahoo, outlook don't have backup MX as a comparison. one mx can have miltiple hostnames, one domain can have multiple hostnames/a//mx, what is backup mx for you ? my defination is if over 5 days should be catched on backup mx, then on recipient need a backup-mx host that have max query lifetime longer then 5 days, else its waste of resources gmail.com have over 30 spf ipv4 addresses, not counting ipv6, what if 30+ ipv4 is down at the same time should google just use all there listed ipv6 as backup-mx then ? :) ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
> > PS: Why do you (think you) need a backup MX? Hello I am not sure why I need a backup mx indeed, but if you make a simple dig, you find gmail, fastmail, protonmail, comcast, free.fr those big providers do have backup MXs. Though yahoo, outlook don't have backup MX as a comparison. regards. -- sent from https://dkinbox.com/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
Thank you Victor, you are the embodiment of truth. > On Mon, May 22, 2023 at 08:26:19PM +0800, Tom Reed via Postfix-users > wrote: > >> 1. postfix is a backup MX for foo.com >> 2. this postfix uses other MTA as relay_host > > This would be a misconfiguration. A backup MX host MUST NOT be an > effective null client that relays *all* non-local mail to a "smarthost" > relay. Rather, a backup MX host MUST be at least smart enough to > relay mail for the domain(s) in question to better (lower) preference > MX hosts. > > The best way to do this, is to configure an explicit nexthop in > default_transport, and be sure to leave relayhost empty. > > main.cf: > # MUST be empty, to avoid backup MX domain loops. > relayhost = > relay_domains = foo.com > > # Regularly updated list of valid foo.com (and any other relay > # domain) recipients: > relay_recipient_maps = ... > > # Replace "smarthost.example" with actual default relayhost. > default_transport = smtp:smarthost.example > > Relay domains will use "relay_transport" (default "relay", which is > a clone of "smtp"), so will not in error use the smarhost. > > -- > Viktor. > ___ > Postfix-users mailing list -- postfix-users@postfix.org > To unsubscribe send an email to postfix-users-le...@postfix.org > -- sent from https://dkinbox.com/ ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
Tom Reed via Postfix-users: > Hello list, > > Given the case that: > > 1. postfix is a backup MX for foo.com > 2. this postfix uses other MTA as relay_host Please don't do that. By design a Postfix backup MX host will deliver to an MX host with a 'better' MX preference. You are frustrating that logic with your relayhost setting. As others have mentioned, you can override your relayhost override with a transprt_maps override, but double overrides are silly. Wietse ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
On 22.05.23 20:26, Tom Reed via Postfix-users wrote: Given the case that: 1. postfix is a backup MX for foo.com 2. this postfix uses other MTA as relay_host When the primary MX for foo.com is down, messages to u...@foo.com will be delivered into backup MX. And, backup MX delivers the message to relay_host, which find that primary MX can't be reachable, so relay_host deliver message to backup MX again. Will this delivery loop happen in real world? as I answered in my last mail in previous thread: https://marc.info/?l=postfix-users&m=168466205702341&w=2 you should set-up transport map for example.com directly to primary server to avoid this loop: example.com relay:[primary-mx.example.com] you have replied to my previous mail, which I didn't respond to, as I expected you to read my followup. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. WinError #98652: Operation completed successfully. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
On Mon, May 22, 2023 at 08:26:19PM +0800, Tom Reed via Postfix-users wrote: > 1. postfix is a backup MX for foo.com > 2. this postfix uses other MTA as relay_host This would be a misconfiguration. A backup MX host MUST NOT be an effective null client that relays *all* non-local mail to a "smarthost" relay. Rather, a backup MX host MUST be at least smart enough to relay mail for the domain(s) in question to better (lower) preference MX hosts. The best way to do this, is to configure an explicit nexthop in default_transport, and be sure to leave relayhost empty. main.cf: # MUST be empty, to avoid backup MX domain loops. relayhost = relay_domains = foo.com # Regularly updated list of valid foo.com (and any other relay # domain) recipients: relay_recipient_maps = ... # Replace "smarthost.example" with actual default relayhost. default_transport = smtp:smarthost.example Relay domains will use "relay_transport" (default "relay", which is a clone of "smtp"), so will not in error use the smarhost. -- Viktor. ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
On 2023-05-22 at 08:36:49 UTC-0400 (Mon, 22 May 2023 14:36:49 +0200 (CEST)) Bernardo Reino via Postfix-users is rumored to have said: My world is only a very small subset of the real world :), but in that world, if I say that a given server is the MX for a domain, then that's that, it should not relay further. No. Historically, domains would be configured with multiple MX records pointing to diverse machines because one could not rely on perfect connectivity and in some cases it was actually more or less expensive (in resources or actual money) to route mail via one or another path. This is why MX records have a "cost" field, and it is expected that whichever MX host one relays to, it will end up in the same mailbox. Usually this means that higher-cost MX hosts relay messages with SMTP to the lowest-cost MX host, but not always. In the modern world, connectivity and individual host availability have become good enough for most cases that it is more trouble than it is worth to have diverse MX hosts with varied cost metrics. The use of multiple MX records has evolved into a mechanism for load balancing and availability in very large systems and playing standard-compliance games with spammers ("no-listing") for smaller systems. -- Bill Cole b...@scconsult.com or billc...@apache.org (AKA @grumpybozo and many *@billmail.scconsult.com addresses) Not Currently Available For Hire ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
[pfx] Re: delivery loop?
On Mon, 22 May 2023, Tom Reed via Postfix-users wrote: Given the case that: 1. postfix is a backup MX for foo.com 2. this postfix uses other MTA as relay_host When the primary MX for foo.com is down, messages to u...@foo.com will be delivered into backup MX. And, backup MX delivers the message to relay_host, which find that primary MX can't be reachable, so relay_host deliver message to backup MX again. I think the idea is that the MX for a given domain is expected to accept the mail, rather than relay it somewhere else. (Otherwise the other host should be the MX). But obviously, if your "other MTA" decides to send the mail to your "backup MX" then I'd say you can have a loop. Will this delivery loop happen in real world? My world is only a very small subset of the real world :), but in that world, if I say that a given server is the MX for a domain, then that's that, it should not relay further. Maybe others with more experience and/or a wider world can provide better info. Cheers. PS: Why do you (think you) need a backup MX? ___ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org