From: Lionel B. <lio...@bo...> - 2007-01-20 16:12:28
Micha Silver wrote the following on 20.01.2007 10:27 :
> I set:
> reconnect_delay = 2
> max_connect_age = 24
> Do you recommend something different?
>

No, it looks good to me.

> Another question I've been trying to work out: Our ISP serves as a
> backup MX for our mail domains. How should I handle this as far as
> greylisting?

Don't use a backup MX if you can't control its own anti-SPAM settings. With greylisting, this means making them access your greylisting database. In your case, you'll be better off dropping the backup MX (more on this later).

> When sqlgrey sends a 450 response to a new message, the
> backup MX queues it and does its own retry after a short delay. Then the
> message is blocked as spam since the sender addr and IP are the same - I
> think.

It is blocked by SQLgrey once because the backup MX didn't send the message originally (unless there is an awl entry for your backup already). Then the mail passes on the second try because the backup should comply with RFCs as a full-fledged MTA. If it is blocked as SPAM, this is for a reason outside SQLgrey's scope (did you forget to whitelist your backup MX for some anti-SPAM measure?).

Anyway, just dropping the backup MX should help; its only purpose is to buffer mails when your server is down (which would happen at the origin anyway). This (only if configured properly, which means you can trigger the delivery yourself or your server is constantly monitored by the backup) can help deliver mails waiting for your server to come back faster. You are trading a non-measurable and dubious speedup in case of a crash for more SPAMs in the common case. This even hides the problem from the sender when your server is down for an extended period of time (some servers are configured to warn the sender when a mail couldn't reach its destination after a configured period of time). So the clients/partners/... of your mail users may discover the problem by phone too late if you are struggling to put systems back online...

I occasionally use backup MXs, but only if I'm in control of all of them and they use a more robust common backend (ie: several cheap pizzaboxes with good CPUs to handle the computations of clamav and spamassassin, with a fat system for the storage with big redundant disks, redundant power and high quality components).

Lionel.
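
A simplified model of the flow discussed in this message, added here as an illustration (it is not SQLgrey's code and not part of the original post). It assumes a greylist keyed on client IP, sender and recipient, an auto-whitelist keyed on client IP and sender domain, and constructed addresses and timings; only the two settings come from the thread, read as minutes and hours.

```python
from dataclasses import dataclass, field

RECONNECT_DELAY = 2 * 60        # reconnect_delay = 2 (minutes), from the thread
MAX_CONNECT_AGE = 24 * 3600     # max_connect_age = 24 (hours), from the thread

@dataclass
class Greylist:
    """Simplified triplet greylist with an (IP, sender domain) auto-whitelist."""
    pending: dict = field(default_factory=dict)   # (ip, sender, rcpt) -> first seen
    awl: set = field(default_factory=set)         # (ip, sender domain) that retried

    def check(self, ip, sender, rcpt, now):
        domain = sender.rsplit("@", 1)[-1]
        if (ip, domain) in self.awl:
            return "250 ok (awl)"
        key = (ip, sender, rcpt)
        first = self.pending.get(key)
        if first is None or now - first > MAX_CONNECT_AGE:
            self.pending[key] = now               # new or expired: start the clock
            return "450 greylisted"
        if now - first < RECONNECT_DELAY:
            return "450 greylisted"               # retried too early
        del self.pending[key]
        self.awl.add((ip, domain))                # compliant retry: remember client
        return "250 ok"

def simulate():
    """Constructed scenario: a sender that never retries, plus a backup MX."""
    gl = Greylist()
    origin, backup = "198.51.100.7", "192.0.2.25"  # documentation-range addresses
    rcpt = "u@corp.example"
    log = []
    # Direct to the primary: no retry ever comes, so the 450 stops the message.
    log.append(gl.check(origin, "a@bulk.example", rcpt, now=0))
    # The same message handed to the backup MX is queued there; the primary
    # now sees the backup's IP, so the triplet is new and is greylisted once.
    log.append(gl.check(backup, "a@bulk.example", rcpt, now=10))
    # The backup is a compliant MTA and retries after its queue interval.
    log.append(gl.check(backup, "a@bulk.example", rcpt, now=10 + 900))
    # Later mail from that domain via the backup is no longer delayed.
    log.append(gl.check(backup, "b@bulk.example", rcpt, now=2000))
    return log

if __name__ == "__main__":
    for line in simulate():
        print(line)
```

The greylist on the primary ends up testing the retry behaviour of the backup MX rather than that of the original sender, which is why the backup needs to apply the same greylisting itself.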