External Email

Nyr

Active Member
Also should add backup mail server to the guide. Some people may not want it, just like with postgrey the MTA will always retry later if the connection times out or is rejected or whatever, but backup is useful.
Is relatively useful.

I mean, back in the old days, it was really needed, email wasn't as standardized as it is today and you could really miss some emails if your server was down. Today, if a server is down, the remote MTA will try to deliver the message for several days (4-5 days as per an RFC IIRC).

That means, running a backup server is useful more than anything so you control when those mails are delivered when your primary MX returns.

The problem is: a misconfigured mail server can and will get abused by spammers. The rule of thumb these days seems to be that if you can't run a backup server as secure as your primary MX, don't run one at all. This is important because many backup servers will accept emails for all addresses, existing or not on a domain, even all email for any domain at all. And if proper filtering isn't implemented, you end up with RBLs not working as they should when spam is forwarded to your main server, etc...

Not only this, due to backup servers usually being less protected than the primary MX, spammers usually deliver to the lower priority servers directly, since they are more prone to accept and forward the spam, so this isn't only a problem when your first MX is down.

Just my two cents
 

wlanboy

Content Contributer
SPF and DKIM are very important parts to not be even mentioned. And yeah, they aren't hard to set up *if you know you should*.


You clearly don't understand how Postgrey works. That 50 seconds is the time Postgrey will be dropping incoming email from a sender. The time you need to wait depends on the sender's MTA configuration and can be several hours. If the MTA doesn't want to retry the delivery, you lost that email. And yeah, most modern MTAs try resending an email multiple times by default.


As I said, my intention wasn't to trash your work at all. You simplified a complex setup and it's fine. I will maybe do an automated script myself, but that is going to take me some time, so I am not sure when it will be finished. Anyway, thanks for trying to help people to evade the big brother, really :)
At least you did not start a holy war for the daemons. Like exim vs postfix vs sendmail. ;)

Why did I start this tutorial? Right because of discussions like this.

But please don't tell me I am not knowing how greylisting is working. We do have different opinions on this topic and I am accepting your point of view. But I did not say that you do not know what you are talking about - because this is not an argument.

This debate (about greylisting) is old and both of our arguments are old too and at least used by our parents' generation too.

Looking to your posts it looks like you know the pros and cons too:

PANIC! Everyone using your tutorial will lose all his emails!!!!
Changed to:

If the MTA doesn't want to retry the delivery, you lost that email.


And yeah, most modern MTAs try resending an email multiple times by default.
And yes all of my tutorials are about simplifying complex topics. I want to lower the barrier for everyone interested in running a service.

There are a lot of wikis that explain the full setup. And after someone is running nginx, openvpn or a mail server he/she will start to search for advanced topics too. They just have to be convinced that it is not magic but some config files.

Don't worry about my view on your intentions. I like to debate on pros and cons of every solution. I did not see your post as a bash - but don't think that "setting option A is bad" is enough to convince me :)

That means, running a backup server is useful more than anything so you control when those mails are delivered when your primary MX returns.

This is important because many backup servers will accept emails for all addresses, existing or not on a domain, even all email for any domain at all. And if proper filtering isn't implemented, you end up with RBLs not working as they should when spam is forwarded to your main server, etc...
Second that.

Backup MX servers are not needed any longer and are quite a risk if you do not set them up in the right way. E.g. they are not a trusted source for emails (my_networks).
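
One way to check the points raised in the posts above, as an added example that is not part of the thread: a small auditor for Postfix main.cf text that flags a backup MX accepting unknown recipients or skipping RBL checks, and a primary that lists the backup in mynetworks. The sample configs, addresses, RBL hostname and function names are constructed for illustration, and the checks are heuristics rather than a full Postfix policy evaluation.

```python
import ipaddress

# Constructed sample configs (not from the thread); addresses are documentation ranges.
WEAK_BACKUP = "relay_domains = example.org\nsmtpd_recipient_restrictions = reject_unauth_destination\n"
HARDENED_BACKUP = """relay_domains = example.org
relay_recipient_maps = hash:/etc/postfix/relay_recipients
smtpd_recipient_restrictions = reject_unauth_destination,
    reject_rbl_client rbl.example.net
"""
PRIMARY_TRUSTING = "mynetworks = 127.0.0.0/8, 192.0.2.0/24\n"
BACKUP_IP = "192.0.2.10"  # hypothetical address of the backup MX

def parse_main_cf(text):
    """Parse 'name = value' lines, '#' comments and indented continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def words(params, name):
    return params.get(name, "").replace(",", " ").split()

def audit_backup_mx(text):
    """Return findings for a backup MX config, one per risk named in the thread."""
    p, findings = parse_main_cf(text), []
    if words(p, "relay_domains") and not words(p, "relay_recipient_maps"):
        findings.append("no relay_recipient_maps: accepts mail for nonexistent addresses")
    checks = words(p, "smtpd_recipient_restrictions") + words(p, "smtpd_client_restrictions")
    if "reject_rbl_client" not in checks:
        findings.append("no reject_rbl_client: spam is queued and forwarded unfiltered")
    return findings

def primary_trusts(text, backup_ip):
    """True if the primary's mynetworks covers the backup MX address."""
    ip = ipaddress.ip_address(backup_ip)
    for net in words(parse_main_cf(text), "mynetworks"):
        try:
            if ip in ipaddress.ip_network(net.replace("[", "").replace("]", ""), strict=False):
                return True
        except ValueError:  # lookup tables such as hash:/path are not inspected here
            continue
    return False
```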
 