Il 2017-09-28 16:48 Reindl Harald ha scritto:
[..]
no, you have both the same machine, frankly you do nothing else than
add the IP aof the backup-mx to the box and tell postscreen with
"postscreen_whitelist_interfaces" which one is *always* a 450 response
OK
there is no "primary MX down" - it's the same postscreen process, they
are both up or both down - if down queued email is the clients job and
spambots trying first the backup-mx don't retry
OK
how often and how long is your MX down?
if it's below 3-5 days no need for a backup-mx at all
if it's often longer solve that problem
OK
Regarding the configuration:
OK
main.f:
postscreen_dnsbl_action = enforce
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?2}${stress:10}s
postscreen_whitelist_interfaces = !<ip-of-backup-max>, static:all
My master.cf (for both server are the same):
smtp inet n - - - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog
#tlsproxy unix - - - - 0 tlsproxy
Should be enough uncomment "postscreen"?
NO these belongs together and "dnsblog" is used for the RBL requests
OK
master.cf:
smtp unix - - n - 50 smtp
smtpd pass - - n - 15 smtpd
smtp inet n - y - 1 postscreen
dnsblog unix - - y - 0 dnsblog
OK
main.cf:
postscreen_dnsbl_min_ttl = 30s
postscreen_dnsbl_max_ttl = 30s
postscreen_dnsbl_threshold = 8
postscreen_dnsbl_sites =
dnsbl.sorbs.net=127.0.0.10*9
[..]
many thanks Harald!
Many Thanks again, now is more clear for me the overall situation!
Davide
