[CentOS] Centos 6 Sendmail backup MX Config

Fri Feb 13 19:11:36 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Fri, February 13, 2015 12:52 pm, Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 12:45 PM, Valeri Galtsev
> <galtsev at kicp.uchicago.edu> wrote:
>>
>>>>
>>> In this case the secondary MX has the same RBL's etc etc as the
>>> primary.
>>> I do see the spammers sending their junk to the secondary more than the
>>> primary MX. Agree the secondary does not know the difference between
>>> valid and invalid addresses.
>>
>> What software the secondary MX is based on in whose case you say
>> secondary
>> MX doesn't know legitimate addresses of primary MX?
>>
>> I know about postfix. And all my servers are based on postfix. And even
>> in
>> the most trivial configuration of secondary MX based on postfix
>> secondary
>> MX _does_ have to have all legitimate addressed of primary MX. These are
>> in relay_recipients table. Any address that is not in that table, will
>> not
>> be accepted by secondary MX. Postfix even in the most trivial
>> configuration is sane and does not "accept everything".
>>
>> So, what is the secondary MX server that you are describing that
>> "accepts
>> everything" is based on?
>
> I think he means that the secondary does not know the user names on
> the primary.  Which it won't, unless someone maintains it, regardless
> of the server software.
>

Did you ever set up backup MX based on postfix? Sounds like not, as in
case of postfix you have to maintain that table on backup MX, or it will
not accept anything destined to primary MX.

It is only now that I read the thread subject... which is about sendmail.
So, I guess my comments about postfix are not relevant or not quite
relevant to this thread. I started replacing venerable sendmail almost two
decades back with postfix which was written with security in mind from the
very beginning by brilliant person: Vietse Venema. I still like human
readable configuration files of postfix and got really used to all logic
of it. So even though sendmail I heard is not a security disaster for long
time already I'm quite happy with postfix. At some point even RedHat
switched to postfix as default MX software on their system (not long ago
though...). I guess, backup MX example makes me even happier: postfix
really prevents you from doing wrong thing (making your backup MX a source
of backscatter).

Just my $0.02

Valeri


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++