Loading ...
Sorry, an error occurred while loading the content.

Re: Backup mx on cable

Expand Messages
  • Jan P. Kessler
    ... Please note that having a public MX behind a dynamic ip address may lead to situations where someone else gets your mail! I m just thinking about setting
    Message 1 of 9 , Jul 9, 2013
    • 0 Attachment
      Am 09.07.2013 23:56, schrieb Jan P. Kessler:
      > > How can I configure my primary server to accept connections/mail from the
      > > secondary server but still refuse connections/mail from all other cable
      > > connections.
      >
      > I use TLS client certificates for these purposes*
      >
      > http://www.postfix.org/TLS_README.html
      >
      > * Not for backup to primary mx, but whenever I 'own' both sides of the
      > connection and one is behind a dynamic ip (soho server sends outgoing
      > mail via company relay, ...).

      Please note that having a public MX behind a dynamic ip address may lead
      to situations where someone else gets your mail!

      I'm just thinking about setting up a honeypot postfix on my cable line
      at home ;).
    • Fred Zinsli
      ... This is something I hadn t considered at all. In order for me to better understand the consequences of my actions are you able to explain to me why that is
      Message 2 of 9 , Jul 9, 2013
      • 0 Attachment
        > Am 09.07.2013 23:56, schrieb Jan P. Kessler:
        >> > How can I configure my primary server to accept connections/mail from
        >> the
        >> > secondary server but still refuse connections/mail from all other
        >> cable
        >> > connections.
        >>
        >> I use TLS client certificates for these purposes*
        >>
        >> http://www.postfix.org/TLS_README.html
        >>
        >> * Not for backup to primary mx, but whenever I 'own' both sides of the
        >> connection and one is behind a dynamic ip (soho server sends outgoing
        >> mail via company relay, ...).
        >
        > Please note that having a public MX behind a dynamic ip address may lead
        > to situations where someone else gets your mail!
        >
        > I'm just thinking about setting up a honeypot postfix on my cable line
        > at home ;).
        >
        >

        This is something I hadn't considered at all.
        In order for me to better understand the consequences of my actions are
        you able to explain to me why that is the case, and what situation would
        need to arise for that to happen. Or simply point me to the appropriate
        articles so I can read and investigate this.

        It is looking more and more like I should be leasing another VPS server to
        host my backup DNS and MX.

        Regards

        Fred
      • btb@...
        ... honestly, i simply wouldn t bother with a backup mx. what is the actual problem you re trying to solve by running a backup mx? the contemporary internet
        Message 3 of 9 , Jul 9, 2013
        • 0 Attachment
          On Jul 9, 2013, at 21.56, Fred Zinsli <fred.zinsli@...> wrote:

          > This is something I hadn't considered at all.
          > In order for me to better understand the consequences of my actions are
          > you able to explain to me why that is the case, and what situation would
          > need to arise for that to happen. Or simply point me to the appropriate
          > articles so I can read and investigate this.
          >
          > It is looking more and more like I should be leasing another VPS server to
          > host my backup DNS and MX.

          honestly, i simply wouldn't bother with a backup mx. what is the actual problem you're trying to solve by running a backup mx? the contemporary internet is remarkably well connected - the days in which the truly practical application of a backup mx were back when hosts/sites often spent the majority of their time disconnected from the internet.

          -ben
        Your message has been successfully submitted and would be delivered to recipients shortly.