even more details:
1. I use Mailscanner/postfix in the 3 MX's servers. 2. Using dig I get exactly the same of what I have in my bind server. 3. http://dnsreport.com/ reports no problem at all. 4. I'm not using any greylisting.... Yet.. I'm setting right now spamassassin with mailscanner..
Regards Israel
-----Mensaje original----- De: replies-lists-centos@listmail.innovate.net [mailto:replies-lists-centos@listmail.innovate.net] Enviado el: Tuesday, June 20, 2006 1:04 PM Para: SV-Israel Garcia Asunto: Re: [CentOS] Mailers and records MX
are you seeing spam or "real" mail through the higher ordinal MX hosts?
spammers often target higher ordinal MX hosts because they assume that there are fewer blocks there (e.g., the user base isn't checked).
if it's "real" mail, it can simply be that the lower ordinal MX hosts are seen as slow by some sender's mail hosts.
- Rick
------------ Original Message ------------
Date: Tuesday, June 20, 2006 02:01:06 PM -0500 From: israel.garcia@cimex.com.cu To: centos@centos.org Subject: [CentOS] Mailers and records MX
I've installed bind on centos 4.3.. This is a part of my config file:
example.com. IN MX 10 mail.example.com. example.com. IN MX 15 mail1.example.com. example.com. IN MX 20 mail2.example.com.
mail.example.com. IN A x.x.x.x mail1.example.com. IN A x.x.x.x mail2.example.com. IN A x.x.x.x
Every seems to be fine, but I'm constantly receiving messages in my 3 MX servers, even if mail.example.com (the less MX record) is available
waiting for connections from outside... Why if my less mx record server is available the others servers are constantly receiving messages for my domain?
Thanks for your time Israel
---------- End Original Message ----------
On Tue, 2006-06-20 at 15:02 -0500, israel.garcia@cimex.com.cu wrote:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
Does the 'mail test' give you back the same MX servers you see locally with the same values? If so you must have some connectivity problem or there are cached records with different values stored somewhere. Legitimate mailers should always attempt to connect to the lowest value first and only try the next after a failure.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, Jun 20, 2006 at 02:09:38PM -0500, Les Mikesell wrote:
On Tue, 2006-06-20 at 15:02 -0500, israel.garcia@cimex.com.cu wrote:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
Does the 'mail test' give you back the same MX servers you see locally with the same values? If so you must have some connectivity problem or there are cached records with different values stored somewhere. Legitimate mailers should always attempt to connect to the lowest value first and only try the next after a failure.
The catch is that they will try the others even after a temporary failure. These might include greylisting but also other limits (max number of children, max connections from IP, max server load etc).
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
Les Mikesell wrote:
On Tue, 2006-06-20 at 15:02 -0500, israel.garcia@cimex.com.cu wrote:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
Does the 'mail test' give you back the same MX servers you see locally with the same values? If so you must have some connectivity problem or there are cached records with different values stored somewhere. Legitimate mailers should always attempt to connect to the lowest value first and only try the next after a failure.
I've run a backup mailserver for four or five years now. This is common for several reasons. Basic connectivity issues.. a little slow or whatever... server loads or mail processes.. if you have any limit set for the number of allowed processes.. but, the single biggest reason is spam. Spammers will send directly to the backup system, knowing in most cases they are dumb machines (so to speak) and will more likely receive the mail.. and then your main mailserver will be more likely to receive mail from your own backup system.. A backdoor in so to speak. A very good idea by spammers.
I recently moved my backup mailserver to a new IP address... about 3 months ago. The old backup mailserver is still getting pounded with mail destined for what it used to relay to the main server. This is absolute proof the DNS has nothing to do with this practice.
It is not so easy to provide a proper setup for a backup mailsystem.. and is more complex in a hosting environment. A lot of domains to deal with.
I wouldn't worry too much about the fact that some mail is making it to the backup systems and in fact just praise myself for that part working.. and then get on with the business of dealing with how to stop it when it shouldn't go there.. which will require some other avenue. It's also important to stop that spammer technique, as once the mail makes it to the main mailserver.. if the user doesn't exist, you'll be sending a return message back from you main mailserver to an address that doesn't exist.. and this is deemed spam itself by many (although I disagree).. and you may find your system on some of the blocklists out there.
Best, John Hinton
israel.garcia@cimex.com.cu writes:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
- I'm not using any greylisting.... Yet.. I'm setting right now
spamassassin with mailscanner..
See http://www.postfix.org/addon.html
Quoting from the page:
--- quote --- mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. --- quote ---
It's use is NOT recommended by Postfix's author. This may not be the cause of the problem but ...
Simon
centos-bounces@centos.org <> scribbled on Tuesday, June 20, 2006 3:50 PM:
israel.garcia@cimex.com.cu writes:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my
bind server.
- http://dnsreport.com/ reports no problem at all.
- I'm not using any greylisting.... Yet.. I'm setting right now
spamassassin with mailscanner..
See http://www.postfix.org/addon.html
Quoting from the page:
--- quote --- mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. --- quote ---
It's use is NOT recommended by Postfix's author. This may not be the cause of the problem but ...
Simon
I really doubt this is the problem as it has no impact on which MX record is chosen to connect to. As a sendmail and postfix user...both with MailScanner, I've had NO problems whatsoever. There are thousands of other users as well. There were some problems years ago, but they are no longer to my knowledge. Weitz and Julian will probably never see eye to eye. Weitz doesn't play well with others.
Mike
mike@vesol.com ("Mike Kercher") writes:
See http://www.postfix.org/addon.html
Quoting from the page:
--- quote --- mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. --- quote ---
It's use is NOT recommended by Postfix's author. This may not be the cause of the problem but ...
Simon
I really doubt this is the problem as it has no impact on which MX record is chosen to connect to. As a sendmail and postfix user...both with MailScanner, I've had NO problems whatsoever. There are thousands of other users as well. There were some problems years ago, but they are no longer to my knowledge. Weitz and Julian will probably never see eye to eye. Weitz doesn't play well with others.
This is probably a bit off-topic but you may not have followed the Postfix mailing lists. mailscanner uses *undocumented* postfix-internal queue files which _may_ change between postfix versions and which are NOT supported for use by outside programs.
People HAVE had problems with mailscanner and it is likely that these problems are probably timing related and therefore more likely to occur the busier the server. Postfix provides 2 STANDARD interfaces for virus-scanners which are heavily used and efficient: SMTP/LMTP or the "sendmail compatible" /usr/sbin/sendmail binary. Mail software should only use those public interfaces which are guaranteed to be supported, to be stable to and to work.
I don't share your negative view of Wietse.
In any case should you want to respond perhaps it's better we take this off-list. I'm not that bothered either way.
The point I was trying to make is that using Postfix with Mailscanner *may* lead to issues and if so will not get support from the postfix users. The original poster should be aware of this. He is having problems using Postfix with an unsupported virus scanner and should be aware of this. [Using other virus scanners which do follow the supported interfaces does not have this problem.]
Regards,
Simon
On Tue, 2006-06-20 at 22:49 +0200, Simon J Mudd wrote:
israel.garcia@cimex.com.cu writes:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
- I'm not using any greylisting.... Yet.. I'm setting right now
spamassassin with mailscanner..
See http://www.postfix.org/addon.html
Quoting from the page:
--- quote --- mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. --- quote ---
It's use is NOT recommended by Postfix's author. This may not be the cause of the problem but ...
---- a LOT of postfix users use MailScanner and it is fine. There probably will be some adjustments made for Postfix 2.3 but that is still in development form anyway. The warnings are indicative of some personal animus that Wietse has toward Julian (the author of MailScanner) and not relevant to the fact that I have been using MailScanner for years without incident.
Craig
Postfix website is outa date, with the new method that mailscanner uses it's alot safer.
and this has absolutely nothing to do with mailservers talking to the wrong MX :)
On Tuesday 20 June 2006 16:49, Simon J Mudd wrote:
israel.garcia@cimex.com.cu writes:
even more details:
- I use Mailscanner/postfix in the 3 MX's servers.
- Using dig I get exactly the same of what I have in my bind server.
- http://dnsreport.com/ reports no problem at all.
- I'm not using any greylisting.... Yet.. I'm setting right now
spamassassin with mailscanner..
See http://www.postfix.org/addon.html
Quoting from the page:
--- quote --- mailscanner system, works with Postfix and other MTAs. This uses unsupported methods to manipulate Postfix queue files, and there are multiple reports of message duplication and/or delivery of truncated messages. --- quote ---
It's use is NOT recommended by Postfix's author. This may not be the cause of the problem but ...
Simon _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Charles Lacroix -
Craig White -
israel.garcia@cimex.com.cu -
John Hinton -
Les Mikesell -
Mike Kercher -
Rodrigo Barbosa -
Simon J Mudd