[82018] in North American Network Operators' Group
Re: OT? /dev/null 5.1.1 email
daemon@ATHENA.MIT.EDU (Joe Maimon)
Fri Jul 8 15:33:21 2005
Date: Tue, 05 Jul 2005 23:58:03 -0400
From: Joe Maimon <jmaimon@ttec.com>
To: David Andersen <dga+@cs.cmu.edu>
Cc: "Steven M. Bellovin" <smb@cs.columbia.edu>,
Todd Vierling <tv@duh.org>, Jim Popovitch <jimpop@yahoo.com>,
nanog@nanog.org
In-Reply-To: <3f91074b0fb40d003393f66e3115b77c@cs.cmu.edu>
Errors-To: owner-nanog@merit.edu
David Andersen wrote:
>
>
> On Jul 5, 2005, at 11:28 PM, Steven M. Bellovin wrote:
>
>>
<snip>
> It's much easier to
> configure your backup MXen to not toss messages or send warning emails
> after 4h than it is to politely ask all sending SMTP servers to do the
> same.
>
> -Dave
>
>
Apparently this has boiled down to:
- Some people feel perfectly comfortable trusting the sender's queuing
(witness graylisting's popularity)
- Some people feel more secure managing the queued mail. This is also
nicer to the sender's queues.
- Secondary MX's should make every possible effort not to add to spam
blowback -- popular mechanisms include SMTP call-aheads, LDAP,
virtusertable maps and so on. If this is impossible, serious thought
should be given to the need for the MX in the first place.
- Secondary MX's should take care not to be an end run against any
anti-abuse systems deployed by the primary MX path.
- Typically similar effort that goes into enabling a secondary MX to
perform recipient verification needs to be done anyway when having more
than one primary MX for simple load balancing reasons. So not having
"secondaries" at that point does not make much sense.
- Building a setup depending on a failure mode for productive purposes
is not wise.
IOW, depending on collecting mal-clients for blacklisting who connect to
your secondary when you believe that they shouldn't is potentially
problematic.

So is designing a setup where you rely on failure of the primary MX
reachability so that the secondary MX with better connectivity than the
sender can simply relay it based on MX records.
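
An added example, not part of the original message: a sketch of the SMTP call-ahead check the list above mentions, as a secondary MX might run it at RCPT TO time. The function names, the TTL values and the choice to defer unknown recipients while the primary is unreachable are assumptions made for illustration.

```python
import smtplib
import time

POS_TTL = 7 * 86400   # assumed: how long a verified recipient stays trusted
NEG_TTL = 3600        # assumed: how long a rejection is remembered


def probe_primary(rcpt, host, port=25, timeout=10):
    """Ask the primary MX whether it would accept rcpt.

    Returns the SMTP reply code to RCPT TO, or None if the primary
    could not be reached or the dialogue failed."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            s.helo()
            s.mail("")               # null sender: the probe itself cannot bounce
            code, _ = s.rcpt(rcpt)
            return code
    except (OSError, smtplib.SMTPException):
        return None


def rcpt_decision(rcpt, cache, probe, now=None):
    """Return the reply code the secondary MX gives at RCPT TO time.

    cache maps recipient -> (accepted, expiry); probe is a callable such
    as lambda r: probe_primary(r, "primary.example.org")."""
    now = time.time() if now is None else now
    code = probe(rcpt)
    if code is not None and 200 <= code < 300:
        cache[rcpt] = (True, now + POS_TTL)
        return 250
    if code is not None and 500 <= code < 600:
        cache[rcpt] = (False, now + NEG_TTL)
        return 550                   # reject in-session, no later bounce
    # Primary unreachable or answering 4xx: exactly when the secondary is
    # in use, so fall back on what was learned while the primary was up.
    known = cache.get(rcpt)
    if known and known[1] > now:
        return 250 if known[0] else 550
    # Unknown recipient: defer and leave the message in the sender's queue
    # rather than accept it and generate blowback later.
    return 450
```

A call-ahead with no cache has nothing to call when the primary is down, which is why the lookup falls back to earlier results; a locally replicated recipient list (LDAP, virtusertable) avoids that dependency altogether.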