[milters] Archive

Lists Index Date Thread Search

Article: 338
From: Erik Hensema
Date: 2005-02-17 09:36:17 -0500
Subject: Shutting down a backup MX with 450's: doesn't work :-(

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Hi all,

As you may know I have been experimenting with a patch to milter-ahead
which shuts down a backup MX when milter-ahead succesfully verifies the
address with the primary MX.

Unfortunately this caused some problems and that's why I stopped using the
patch.

First of all, locally generated mail will also be rejected. So,
milter-ahead will need a whitelist. This is fixable.

However, secondly there are broken MTA's which 'lock on' onto a server when
that server gives them a 4xx error. qmail seems to be one of them; the bug
seems to be related to the HELO bug described in section 3.2 of
http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html

I actually have had a server trying to deliver legitimate mail to my backup
MX without ever trying to deliver it to the primary MX. That server is
217.148.171.23 - I'm not entirely sure it runs qmail though.

I now switched to greylisting on my backup mx, which mostly has the same
effect as running a patched milter-ahead. I also run an unpatched
milter-ahead on the backup mx. Greylisting caused a drop of more than 98%
in mail accepted by my backup mx.

Apart from getting the entire world to drop qmail (which is a worthy cause
IMHO), I don't see any sollution :-(

-- 
Erik Hensema (erik@hensema.net)

Lists Index Date Thread Search