Re: [exim] secondary MX: allow only a set of users

Author: Wouter Verhelst
Date:  
To: exim-users
Subject: Re: [exim] secondary MX: allow only a set of users
On Thu, Dec 20, 2007 at 02:15:48PM -0800, Phil Pennock wrote:
> On 2007-12-20 at 14:23 +0100, Wouter Verhelst wrote:
> > Look for 'smtp_reserve_hosts'. With this, you can allow the backup MX to
> > connect to the master even when the master is already 4xx'ing other
> > hosts because of things like smtp_load_reserve.
>
> Look up Single Point Of Failure.


Trust me, I know all about SPOFs.

> The point of secondary MX is to remove SPOFs whilst still accepting
> email to within your administrative control, so that you can clear
> things up quickly when problems are resolved and don't have to worry
> about broken remote systems doing things like auto-unsubscribing you
> from a mailing-list, etc.


Yes, yes.

> If you're happy for mail to remain with the senders' systems, then you
> don't need secondary MXs; if you treat email as sufficiently
> mission-critical that you should be able to deliver mail within a
> certain time-period, then secondary MXs aren't enough. Fully redundant
> parallel delivery which works is hard, secondary MX is "good enough" for
> most people. "The router crashed, mail couldn't get through for 10
> minutes, but all the stuff sent by real MTAs went to the backup MX on
> the different network and I've flushed the queues, so all delayed email
> has now been delivered. If you don't have the important business
> document yet, it wasn't sent or is still in the sender's systems for
> some reason and it's their technical problem, not ours"


This will still work with receiver callout verification, for the very
simple reason that callout verification is actually cached. It will be
problematic to receive spam to non-existing email addresses which hadn't
been seen before during the downtime of the primary, but that's a
feature, not a bug.

It only becomes a problem once the cache times out; this setup will
therefore not help when you're talking about "the server will be down
for maintenance during the next 8 hours", but you'll probably have
problems then, anyway.

--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
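The cached recipient callout discussed in this message, sketched as an Exim configuration fragment for the backup MX. This is an added example, not part of the original message; the domain list name `backup_domains` and the domain `example.org` are assumptions, and the expiry values shown are Exim's documented defaults.

```exim
# --- main configuration section (backup MX) ---

# Assumed name and value: the domains this host is secondary MX for.
domainlist backup_domains = example.org

# Callout cache lifetimes (Exim defaults written out explicitly).
# A recipient the primary accepted stays "known good" for this long,
# so it is still accepted here while the primary is unreachable.
callout_positive_expire        = 24h
# A recipient the primary rejected stays "known bad" for this long.
callout_negative_expire        = 2h
# Per-domain results (for example, the primary refused the callout
# connection or the MAIL command outright).
callout_domain_positive_expire = 7d
callout_domain_negative_expire = 3h

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Never relay for anything except the backed-up domains.
  deny    message  = relay not permitted
          !domains = +backup_domains

  # Ask the primary (or the cache) whether the recipient exists.
  #  - cached or live positive answer: the statement passes
  #  - cached or live negative answer: RCPT is rejected with 5xx
  #  - primary unreachable and no cache record: the callout defers
  #    and the sender gets a 4xx, so the mail stays queued remotely
  # defer_ok is deliberately not set; with it, unverifiable
  # recipients would be accepted and queued on this host.
  require verify   = recipient/callout=30s

  accept
```

With these values, a primary outage longer than `callout_positive_expire` leaves the backup MX deferring every recipient, which is the cache-timeout case the message describes.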