Loading ...
Sorry, an error occurred while loading the content.

postfix as backup MX + amavis question

Expand Messages
  • Imre Gergely
    hi this is not really a postfix question, but a generic mail sending/receiving question, it can apply to postfix too. let s say we have a domainname, with two
    Message 1 of 6 , Oct 5, 2006
    • 0 Attachment
      hi

      this is not really a postfix question, but a generic mail sending/receiving
      question, it can apply to postfix too.

      let's say we have a domainname, with two MX records, two different mailservers.
      the secondary MX (with priority 10), and primary MX (prio 5). so when somebody
      wants to send a message, normally, it sends to the primary MX, if all is set up
      correctly, and te primary MX is up and running. now if the primary is out with
      some problems, only then will the sender connect to the secondary MX. correct?

      but lately (or for some time actually), spammers are using backup MX servers to
      send spam. so they don't connect to the primary, they connect directly to the
      secondary MX, even tho the primary is up.

      now let's say the backup MX is running postfix, which is configured to do relay
      for the domain in question via relay_domains, or permit_mx_backups. could this
      postfix be setup somehow as to verify the status of the primary MX, and reject
      mail from everybody IF the primary is up?

      is this a good idea? :) it could be done with some verify script+firewall
      combination of course, but i was just wondering if postfix supports something
      like this.


      another question related to this:

      my server is the backup MX for some domain. if the primary MX is down, my
      server receives all the mail. if i have a content filter, say amavis+clam like
      this:

      content_filter = smtp-amavis:[127.0.0.1]:10024

      can i somehow set the whole thing up as to _NOT_ filter the mail for the domain
      it's backup MX for ? i dont want to mess with those emails (dont want to filter
      them, or reject, or quarantine them), i just want to keep them in my queue
      until the primary MX is up. but of course, i want to scan all my other domains
      for which this server is the final destination.

      thx.
    • Jorey Bump
      ... I have done extensive research on this and developed a technique: Unlisting: Port Knocking for SMTP http://www.joreybump.com/code/howto/unlisting.html Heed
      Message 2 of 6 , Oct 5, 2006
      • 0 Attachment
        Imre Gergely wrote:

        > now let's say the backup MX is running postfix, which is configured to do relay
        > for the domain in question via relay_domains, or permit_mx_backups. could this
        > postfix be setup somehow as to verify the status of the primary MX, and reject
        > mail from everybody IF the primary is up?
        >
        > is this a good idea? :) it could be done with some verify script+firewall
        > combination of course, but i was just wondering if postfix supports something
        > like this.

        I have done extensive research on this and developed a technique:

        Unlisting: Port Knocking for SMTP
        http://www.joreybump.com/code/howto/unlisting.html

        Heed the warnings carefully. Much of the background information is
        presented in a page about another technique that serves as the
        foundation and is far safer and blocks significantly more spam:

        Nolisting: Poor Man's Greylisting
        http://www.joreybump.com/code/howto/nolisting.html

        I recommend against running a true backup MX in today's Internet, but if
        you must, the information on these pages may provide a starting point
        for protecting it. You must still make an effort to properly validate
        all recipients of the domains for which you provide backup, as well as
        implement effective antispam measures. Merely accepting all mail for
        forwarding when the primary is back up is no longer acceptable practice.
      • Imre Gergely
        ... why not? can you enlighten me a bit? im thinking of a mail server that s say 95% of the time up, but it can happen that some power outage or the like
        Message 3 of 6 , Oct 5, 2006
        • 0 Attachment
          Jorey Bump wrote:
          > Imre Gergely wrote:
          >
          >> now let's say the backup MX is running postfix, which is configured to
          >> do relay
          >> for the domain in question via relay_domains, or permit_mx_backups.
          >> could this
          >> postfix be setup somehow as to verify the status of the primary MX,
          >> and reject
          >> mail from everybody IF the primary is up?
          >>
          >> is this a good idea? :) it could be done with some verify script+firewall
          >> combination of course, but i was just wondering if postfix supports
          >> something
          >> like this.
          >
          > I have done extensive research on this and developed a technique:
          >
          > Unlisting: Port Knocking for SMTP
          > http://www.joreybump.com/code/howto/unlisting.html
          >
          > Heed the warnings carefully. Much of the background information is
          > presented in a page about another technique that serves as the
          > foundation and is far safer and blocks significantly more spam:
          >
          > Nolisting: Poor Man's Greylisting
          > http://www.joreybump.com/code/howto/nolisting.html
          >
          > I recommend against running a true backup MX in today's Internet, but if
          > you must, the information on these pages may provide a starting point
          > for protecting it. You must still make an effort to properly validate
          > all recipients of the domains for which you provide backup, as well as
          > implement effective antispam measures. Merely accepting all mail for
          > forwarding when the primary is back up is no longer acceptable practice.
          >

          why not? can you enlighten me a bit?

          im thinking of a mail server that's say 95% of the time up, but it can happen
          that some power outage or the like knocks it off for say a day or two. then i
          merely want to keep his messages until it's up again. i dont want to verify
          anything, i have a large queue and that's about it. let's say i dont know his
          filtering policy for spam, and maybe i dont care. when the host is back up
          again, i just forward him the messages he got, and he should filter them and do
          whatever he wants with them.

          why is this bad? i dont wanna sound ignorant, i just dont know what's wrong
          with this setup (yet) :)
        • Sandy Drobic
          ... What happens if your client does not accept the spam from your backup mx? Then you a sitting on a lot of spam that is congesting your queue. Unfortunately,
          Message 4 of 6 , Oct 5, 2006
          • 0 Attachment
            Imre Gergely wrote:

            >> I recommend against running a true backup MX in today's Internet, but if
            >> you must, the information on these pages may provide a starting point
            >> for protecting it. You must still make an effort to properly validate
            >> all recipients of the domains for which you provide backup, as well as
            >> implement effective antispam measures. Merely accepting all mail for
            >> forwarding when the primary is back up is no longer acceptable practice.
            >>
            >
            > why not? can you enlighten me a bit?
            >
            > im thinking of a mail server that's say 95% of the time up, but it can happen
            > that some power outage or the like knocks it off for say a day or two. then i
            > merely want to keep his messages until it's up again. i dont want to verify
            > anything, i have a large queue and that's about it. let's say i dont know his
            > filtering policy for spam, and maybe i dont care. when the host is back up
            > again, i just forward him the messages he got, and he should filter them and do
            > whatever he wants with them.
            >
            > why is this bad? i dont wanna sound ignorant, i just dont know what's wrong
            > with this setup (yet) :)

            What happens if your client does not accept the spam from your backup mx?
            Then you a sitting on a lot of spam that is congesting your queue.
            Unfortunately, there are a few genuinely misspelled mails, so you can't
            just delete every bounced mail and you have to send them back to the sender.
            This makes the sender of the genuine mail happy, he got the mail back and
            knows that he made a mistake with the recipient address. But you also have
            99 spam for each genuine mailbounce, that you sent to the falsified sender
            address in case of spam. So you've got 99 people mad at you for sending
            them spam.
            Now you think "Okay, let's make the 99 people happy and simply delete all
            bounces. Great! Your server is not listed on blacklists anymore and the
            angry hate mails diminish drastically. Life is good and easy. What you
            didn't consider is that the once happy guy is now REALLY mad at you and
            sues you for deleting his property. Now, life is not so good any more and
            you start to wonder how you got into this mess...

            Depending on the local laws you could get into a LOT of trouble for
            arbitrarily deleting mails without pressing cause. So far the only common
            reason for discarding mails is a positive result of the virus scanner. In
            order to prevent damage to your system and your customers system it is
            considered appropriate to discard a virus mail. At least it is allowed
            here in Germany. Your situation may vary.

            Sandy
            --
            List replies only please!
            Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com
          • Gary V
            ... See if this helps: http://www200.pair.com/mecham/spam/bypassing.html Gary V _________________________________________________________________ Try the new
            Message 5 of 6 , Oct 5, 2006
            • 0 Attachment
              >another question related to this:
              >
              >my server is the backup MX for some domain. if the primary MX is down, my
              >server receives all the mail. if i have a content filter, say amavis+clam
              >like
              >this:
              >
              >content_filter = smtp-amavis:[127.0.0.1]:10024
              >
              >can i somehow set the whole thing up as to _NOT_ filter the mail for the
              >domain
              >it's backup MX for ? i dont want to mess with those emails (dont want to
              >filter
              >them, or reject, or quarantine them), i just want to keep them in my queue
              >until the primary MX is up. but of course, i want to scan all my other
              >domains
              >for which this server is the final destination.
              >
              >thx.

              See if this helps:
              http://www200.pair.com/mecham/spam/bypassing.html

              Gary V

              _________________________________________________________________
              Try the new Live Search today!
              http://imagine-windowslive.com/minisites/searchlaunch/?locale=en-us&FORM=WLMTAG
            • Jorey Bump
              ... In a word: backscatter. http://www.postfix.org/BACKSCATTER_README.html ... Wrong. ... He will bounce messages to thousands of forged addresses, and make
              Message 6 of 6 , Oct 5, 2006
              • 0 Attachment
                Imre Gergely wrote:
                > Jorey Bump wrote:
                >> implement effective antispam measures. Merely accepting all mail for
                >> forwarding when the primary is back up is no longer acceptable practice.
                >
                > why not? can you enlighten me a bit?

                In a word: backscatter.

                http://www.postfix.org/BACKSCATTER_README.html

                > im thinking of a mail server that's say 95% of the time up, but it can happen
                > that some power outage or the like knocks it off for say a day or two. then i
                > merely want to keep his messages until it's up again. i dont want to verify
                > anything, i have a large queue and that's about it. let's say i dont know his
                > filtering policy for spam, and maybe i dont care. when the host is back up
                > again, i just forward him the messages he got, and he should filter them and do
                > whatever he wants with them.

                Wrong.

                > why is this bad? i dont wanna sound ignorant, i just dont know what's wrong
                > with this setup (yet) :)

                He will bounce messages to thousands of forged addresses, and make the
                lives of users and admins (like me and you) miserable.

                By not running a backup MX, most mail will be queued on the sender's MTA
                for up to five days, which should be ample time to fix the server
                (admittedly, there are circumstances where this is not the case, but
                they are rare and indicate the need for major remedies). In fact, I've
                seen more mail lost by bringing a primary server up without the proper
                configuration to accept and deliver mail from a backup MX than I have
                when there is no backup at all. This is not to say a backup MX is
                completely unnecessary everywhere, it's just that many sites don't need
                one, and are better off without it.
              Your message has been successfully submitted and would be delivered to recipients shortly.