Postscreen Exchanger policy Question

[Marko Weber]

hi list,


Under MAIL EXCHANGER POLICY TESTS
i see this:

 By  listening  on  both  primary  and backup MX addresses,
   postscreen(8) can deny the temporary whitelist  status  to
   clients that connect only to backup MX hosts.

I dont get it at all.
When my backup MX is not on the same Server as postfix,
how can it listen to the backup mx adress?

or do i get this totally wrong?

marko

Re: Postscreen Exchanger policy Question

[Wietse Venema]

Marko Weber:
 hi list,
 
 
 Under MAIL EXCHANGER POLICY TESTS
 i see this:
 
   By  listening  on  both  primary  and backup MX addresses,

As the text says, for this feature to work, postscreen listens on
both the primary and the backup IP address.

If the primary and the backup IP address belong to different MTAs,
these MTAs would have to share the postscreen cache; currently,
that is supported only with memcache databases.

Cache sharing between MTAs has obvious scaling limits. The MX
exchanger policy enforcement feature is not meant for large
corporate networks. It works well for small sites like mine.

Wietse