Les Mikesell wrote:
Christopher Chan wrote:
If you have a reasonably fast internal mailer you can just let mimedefang on your external relay check against it with smtp in real time. Exchange isn't one of those, though.
That internal mailer still has to whack something. You would just be adding another layer again with the smtp latency. What is with the love of uber number of layers?
You are removing a layer if you just pass through the recipient check to the ultimate source (the internal delivery machine) before accepting, and it does in fact need to be able to handle the lookups at the speed real messages come in. However, your external relay is likely to get whacked with a dictionary attack that it needs to be able to reject quickly so you can't do that if the delivery box is slow.
OH are we? So what happens when the frontend hands off to the internal delivery machine? Does not the internal delivery machine again do another lookup?
I used qmail for one of my domains a while back and its practice of accepting everything, then sending bounces got a dictionary attack onto some kind of 'good to spam' list and I got about 50,000 messages/day for non-existing users for years afterwards. That was a problem until I put a sendmail with the good users in a virtuser table in front of it. Interestingly, the messages would come in from a large number of different IP addresses but in a sorted order and with clearly coordinated timing.
/me shudders to think of anyone running a pure qmail-1.03 for an mx.
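
Added example, not part of the thread: a sketch of how the pattern described above (unknown-recipient attempts arriving from many IP addresses but in sorted order with tight timing) could be detected on the edge relay's reject log. The log format, the sample lines and the thresholds (`min_len`, `min_ips`, `max_gap`) are all assumptions made for illustration.

```python
import re

# Constructed sample in a simplified, hypothetical reject-log format.
SAMPLE_LOG = """\
10:00:01 reject rcpt=<aaron@example.com> relay=[192.0.2.10] 550 User unknown
10:00:03 reject rcpt=<abby@example.com> relay=[198.51.100.7] 550 User unknown
10:00:04 reject rcpt=<adam@example.com> relay=[203.0.113.5] 550 User unknown
10:00:06 reject rcpt=<adrian@example.com> relay=[192.0.2.44] 550 User unknown
10:00:07 reject rcpt=<alan@example.com> relay=[198.51.100.7] 550 User unknown
10:00:09 reject rcpt=<albert@example.com> relay=[203.0.113.5] 550 User unknown
10:07:30 reject rcpt=<jsmith@example.com> relay=[192.0.2.200] 550 User unknown
10:21:12 reject rcpt=<bob.jones@example.com> relay=[192.0.2.201] 550 User unknown
"""

LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}) reject rcpt=<([^>]+)> "
    r"relay=\[([\d.]+)\] 550 User unknown$")

def parse_rejects(text):
    """Yield (seconds, local_part, source_ip) per 'User unknown' rejection."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s = (int(x) for x in m.group(1, 2, 3))
            yield h * 3600 + mi * 60 + s, m.group(4).split("@")[0].lower(), m.group(5)

def find_sorted_runs(rejects, min_len=5, min_ips=3, max_gap=30):
    """Return runs of rejections whose local parts strictly ascend, arrive
    within max_gap seconds of each other, and come from >= min_ips sources."""
    runs, cur = [], []

    def flush():
        # Keep the run only if it is long enough and spread over several IPs.
        if len(cur) >= min_len and len({ip for _, _, ip in cur}) >= min_ips:
            runs.append(list(cur))
        cur.clear()

    for rec in rejects:
        # A run ends when ordering breaks or the timing gap is too large.
        if cur and (rec[1] <= cur[-1][1] or rec[0] - cur[-1][0] > max_gap):
            flush()
        cur.append(rec)
    flush()
    return runs

if __name__ == "__main__":
    for run in find_sorted_runs(parse_rejects(SAMPLE_LOG)):
        ips = sorted({ip for _, _, ip in run})
        print(f"{len(run)} sorted rejects from {len(ips)} IPs: {run[0][1]}..{run[-1][1]}")
```

Isolated mistyped addresses (the last two sample lines) do not form a run, so only the coordinated sweep is reported.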