On Tue, Jul 16, 2002 at 05:28:07PM -0700, Chuq Von Rospach wrote:
Actually, the REAL state of the art is that they look up your MX records, and do this to the HIGHEST ranked one (not the lowest). This is on the (it turns out, quite valid) assumption that it won't be spamblocked as well as the main MX relay is, but will be validated to forward stuff in to you. And where they're trying that, we're finding it works (grumble grr) damn well.
My secondary MXes are locked down even tighter for that exact reason, and you should use exim4 with the callout feature where you will not accept an rcpt to until after exim has down a callout from your secondary MX to your primary one. (if the primary one is actually down, then you do accept the mail)
Of course, my secondary MXes do reject mail at SMTP time with SA-Exim :)
Marc
"A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key