[milters] Archive

Lists Index Date Thread Search

Article: 314
From: Anthony Howe
Date: 2005-01-25 06:20:52 -0500
Subject: Re: milter-ahead on a backup mx

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Erik Hensema wrote:
> On Tue, Jan 25, 2005 at 08:40:50AM +0100, Anthony Howe wrote:
> [rejecting mail on backup mx when primary mx is online]
> 
>>I've been rereading RFC 974 MAIL ROUTING AND THE DOMAIN SYSTEM. In 
>>particular section "Interpreting the List of MX RRs", paragraph 7, 
>>sentence 2 and 3:
>>
>>	The mailer is required to attempt delivery to the lowest
>>	valued MX. Implementors are encouraged to write mailers so
>>	that they try the MXs in order until one of the MXs accepts
>>	the message, or all the MXs have been tried.
>>
>>The only requirement above is a client MUST try the primary MXes
>>first before trying secondary MXes. It does NOT say that they MUST only 
>>delivery to the primary when it is online. The above suggestion might 
>>break legit mail delivery in the event of temporary (421 busy signal) or 
>>permanent rejection (554 weclome message) from the primary.
> 
> 
> Good point. Maybe the milter should give a 4xx if and only if the primary
> mx would accept the message. In all other cases, revert to the default
> behaviour of milter-ahead.

That makes no difference. A 5xx would just cause an error to be returned 
to the sender immediately, while a 4xx could cause repeated errors until 
a message expires from the retry queue. Consider:

a) Primary MX is always online and responds "421 server busy" or "421 
service restarting", or worse "554 no SMTP service here", etc.
b) A backup MX using milter-ahead with the -B option always rejects if 
the primary is online.

The message could bounce around for days before the sender gets a error 
response, because of retry queues.

I've actually implemented -B this morning and found that I had to modify 
the definition of -b (is backup mx).  Essentially if -b is given and the 
primary does not answer, or answers and responds with 421 or 554, then 
accept the message.

Only after the welcome message has been processed can you then could you 
reject if the primary is online _and_ available for service.

I believe -B is contrary to RFC 974, but sufficiently interesting to 
implement and experiment with, especially for some sites that manage 
both primary and secondary servers.

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ:
7116561         AIM: Sir Wumpus

            "Once...we were here."  - Last of The Mohicans


Lists Index Date Thread Search