On Fri, February 13, 2015 12:52 pm, Les Mikesell wrote: > On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev > <galtsev at kicp.uchicago.edu> wrote: >> >>>> >>> In this case the secondary MX has the same RBL's etc etc as the >>> primary. >>> I do see the spammers sending their junk to the secondary more than the >>> primary MX. Agree the secondary does not know the difference between >>> valid and invalid addresses. >> >> What software the secondary MX is based on in whose case you say >> secondary >> MX doesn't know legitimate addresses of primary MX? >> >> I know about postfix. And all my servers are based on postfix. And even >> in >> the most trivial configuration of secondary MX based on postfix >> secondary >> MX _does_ have to have all legitimate addressed of primary MX. These are >> in relay_recipients table. Any address that is not in that table, will >> not >> be accepted by secondary MX. Postfix even in the most trivial >> configuration is sane and does not "accept everything". >> >> So, what is the secondary MX server that you are describing that >> "accepts >> everything" is based on? > > I think he means that the secondary does not know the user names on > the primary. Which it won't, unless someone maintains it, regardless > of the server software. > Did you ever set up backup MX based on postfix? Sounds like not, as in case of postfix you have to maintain that table on backup MX, or it will not accept anything destined to primary MX. It is only now that I read the thread subject... which is about sendmail. So, I guess my comments about postfix are not relevant or not quite relevant to this thread. I started replacing venerable sendmail almost two decades back with postfix which was written with security in mind from the very beginning by brilliant person: Vietse Venema. I still like human readable configuration files of postfix and got really used to all logic of it. So even though sendmail I heard is not a security disaster for long time already I'm quite happy with postfix. At some point even RedHat switched to postfix as default MX software on their system (not long ago though...). I guess, backup MX example makes me even happier: postfix really prevents you from doing wrong thing (making your backup MX a source of backscatter). Just my $0.02 Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++