Re: Email forwarding and RBL trouble

Wed, 22 Aug 2007 05:56:55 -0700 

Hi Matthias,

Thank you for your (quick) reply.
I cannot utilize the trusted_networks settings because I cannot trust the mail that my backup MX sends to me. 


The backup MX does NO filtering at all, it just accepts ALL mail that 
has a certain destination domain and then forwards it to the Primary MX 
where SA is running, SA is doing all the filtering and 
white/black/grey-listing.



When SA is down (the Pri MX), it will just hold it until it gets back 
up. So basically all mail that comes from my second MX should be checked 
for spam and virus, it has not capabilities of it's own. It's working 
like a charm were it not for my black/white/grey-lists and the RBL's now 
all do lookups on the last known IP which is my secondary MX.



I don't think I am the first to utilize this method of redundancy so I 
figured there must be a way, I just dont know how :)

So please advice further, your (and everyones) help is greatly appreciated.

Kind regards,

Rense

Matthias Leisi wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Rense Buijen schrieb:


  

The problem now lies with the RBL's, when the SA box dies, the mail will
be queued on my Exim box and when service is restored, it will forward
it again BUT the last "Received from:" path will be of course the Exim
host IP. SA will then do a lookup on the wrong IP. Basically I want my
Exim box (second mx) to be invisible or need the headers to be rewritten
so Spamassassin does a correct lookup on the IP BEFORE it got to the SA.

    


trusted_networks, internal_networks etc. will make sure that your "main"
SA correctly recognises your backup box as trustworthy.


  

I've heard about SRS, I don't know precisely if that will do the trick
for me, anyone has some more information, tips or tricks? It's rather
complex matter and I can't find any good documentation on how to solve
this problem.

    


SRS is a completely different beast (basically it fixes forwarding which
is partially broken by SPF). As long as you only have troubles with IP
addresses, SRS would not solve any issue for you.

- -- Matthias

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFGzC5uxbHw2nyi/okRAgtsAJ9kyqrwaZ0waBswmcuV0jsO3HWbUACggovQ
7DPNJbxhSleg+Dkbvh66qd0=
=gIn9
-----END PGP SIGNATURE-----


  



--
Met vriendelijke groeten,

Rense Buijen
Chess Service Management
Tel.: 023-5149250
Email: [EMAIL PROTECTED]























					Reply via email to