FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 07-29-2011, 01:04 PM
Steve Searle
 
Default Primary and secondary sendmail servers

When configuring a primary and secondary sendmail server, how does the
secondary mail server know it should relay anythign to the primary one?

Is it just by the mailserver examining the DNS mx records, or is there
something else in either of the sendmail configurations?

Steve

--

Website: www.stevesearle.com
Twitter: @ReddishShift
Facebook: www.facebook.com/steve.searle

14:03:00 up 9 days, 58 min, 2 users, load average: 0.03, 0.04, 0.00
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-29-2011, 01:28 PM
"Gregory P. Ennis"
 
Default Primary and secondary sendmail servers

--
When configuring a primary and secondary sendmail server, how does the
secondary mail server know it should relay anythign to the primary one?

Is it just by the mailserver examining the DNS mx records, or is there
something else in either of the sendmail configurations?

Steve
--------------------------------------------------

Steve,

If you are referring to relaying mail to the primary server all you have
to do is make the appropriate entry in /etc/mail/sendmail.mc by way of
the SMART_HOST feature.

define(`SMART_HOST', `smtp.your.provider')dnl

sendmail likes to have a dns server (named) active for local deliveries,
but if you do not have dns service you can specify ip addresses for your
smart host by

dnl define(`SMART_HOST', `[10.0.0.1]')dnl

Greg

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-29-2011, 01:31 PM
Chris Adams
 
Default Primary and secondary sendmail servers

Once upon a time, Steve Searle <steve@stevesearle.co.uk> said:
> When configuring a primary and secondary sendmail server, how does the
> secondary mail server know it should relay anythign to the primary one?
>
> Is it just by the mailserver examining the DNS mx records, or is there
> something else in either of the sendmail configurations?

Basically, you configure the secondary to relay (but not deliver) mail
for the domain(s). For sendmail, this would mean putting a line like:

To:example.com RELAY

in /etc/mail/access (and running "make" in /etc/mail to update the db).
When mail for that domain comes in, sendmail will see the MX record and
attempt to pass mail on to a higher-preference (lower number) MX.

However, there's a big problem with doing this (not a sendmail specific
problem): the secondary doesn't know which @example.com addresses are
valid and invalid. By default, it will accept email for all such
addresses and try to forward them. When somebody sends an email to an
invalid @example.com address via the secondary, the primary will reject
the message and the secondary will generate a bounce message back to the
apparent sender.

This is a problem because spammers know about this loophole and will try
to dump spam (to massive numbers of invalid addresses) on your secondary
server (usually with forged sender addresses). The secondary will then
bounce the spam to people that didn't actually send the messages; this
is called "blowback" and will get your secondary server on spam
blocklists in short order.

You really need the secondary to have some way of knowing all the valid
recipient addresses at the domain (and have any spam filtering
configured to match), so it doesn't accept mail that the primary
wouldn't.

This is more complicated; for sendmail, you have to write a few custom
rulesets (not really very much). The bigger issue is that you need some
way for the secondary to know the valid addresses on the primary; the
usual way is to have all users, aliases, etc. in LDAP (and replicate the
LDAP to the secondary).

--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 07-29-2011, 06:56 PM
Rich Mahn
 
Default Primary and secondary sendmail servers

Chris Adams <cmadams@hiwaay.net> wrote:

[snip]
> You really need the secondary to have some way of knowing all the valid
> recipient addresses at the domain (and have any spam filtering
> configured to match), so it doesn't accept mail that the primary
> wouldn't.

> This is more complicated; for sendmail, you have to write a few custom
> rulesets (not really very much). The bigger issue is that you need some
> way for the secondary to know the valid addresses on the primary; the
> usual way is to have all users, aliases, etc. in LDAP (and replicate the
> LDAP to the secondary).

I use sfm-sav to verify the recipient addresses. It works by querying the
server and caching results. It can be used for both recipient and sender
addresses, but most of the junk I get is the millions of generated recipients,
so this nicely refuses them at the seconday. It integrates well with sendmail,
requiring only minor updates to sendmail.mc. Unfortunately, the package is
not part of the fedora family, as far as I can tell, but it is available at
sourceforge. Seems to me I had to do some minor tweeking. There are interface
problems with selinux. I've written a script that handles them and will be
glad to send my updates to anyone interested. The "use at your own risk" caveats
apply, of course.

I would also recommend milter-greylist. This package is available via the
standard fedora repositories. This greylisting cut our incoming e-mail
(almost all of it spam) down by about 95%.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 

Thread Tools




All times are GMT. The time now is 07:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org