From: Pete Rossi on 21 Jun 2008 18:21

I am running Slackware 12.0 sendmail 8.14.1 on two servers 'mail1' and 'mail2'.

My intention was that 'mail2' would be a backup server for 'mail1' that should only get mail sent to it if the primary mail server 'mail1' was down. So I have 2 MX records in my DNS configuration:

    IN MX 1 mail1.mydomain.
    IN MX 50 mail2.mydomain.

Generally mail is working just fine but I see a lot of SPAM being received (and rejected) on the 'mail2' server and occasionally legitimate mail will end up on 'mail2' even though 'mail1' has been continuously up.

The headers of mail that ends up on 'mail2' have no mention of 'mail1' in them, which I guess is normal. All of the mail is addressed to users(a)mydomain as they should be. I can force mail to go to 'mail2' if I address it to user(a)mail2.mydomain.

Something about this does not seem right to me. I was expecting that as long as the primary server 'mail1' was up, then nothing should ever be processed by 'mail2'. At one time I thought that the mail ending up on 'mail2' was SPAM that was rejected by 'mail1' but I am not so sure about this lately.

Any ideas what is going on? Is this normal?

----
From: Rob MacGregor on 22 Jun 2008 17:31

Pete Rossi unleashed the infinite monkeys on 21/06/2008 23:21 producing:
> I am running Slackware 12.0 sendmail 8.14.1 on two servers 'mail1' and 'mail2'.
<---SNIP--->
> Generally mail is working just fine but I see a lot of SPAM being received
> (and rejected) on the 'mail2' server and occasionally legitimate mail will
> end up on 'mail2' even though 'mail1' has been continuously up.

But that doesn't mean that the sending server could reach mail1, hence why it sent the email to mail2 instead.

--
Rob MacGregor (BOFH)
Rule 37: "There is no 'overkill'. There is only 'open fire' and 'I need to reload.'"

From: Bill Cole on 22 Jun 2008 22:47

In article <485d7ed1$0$18942$cc2e38e6(a)news.uslec.net>, pete_v4l(a)mail.pjrnet.com (Pete Rossi) wrote:
> I am running Slackware 12.0 sendmail 8.14.1 on two servers 'mail1' and
> 'mail2'.
>
> My intention was that 'mail2' would be a backup server for 'mail1' that
> should only get mail sent to it if the primary mail server 'mail1' was
> down. So I have 2 MX records in my DNS configuration:
>
> IN MX 1 mail1.mydomain.
> IN MX 50 mail2.mydomain.
>
> Generally mail is working just fine but I see a lot of SPAM being received
> (and rejected) on the 'mail2' server and occasionally legitimate mail will
> end up on 'mail2' even though 'mail1' has been continuously up.
>
> The headers of mail that ends up on 'mail2' have no mention of 'mail1' in
> them, which I guess is normal. All of the mail is addressed to
> users(a)mydomain as they should be. I can force mail to go to 'mail2' if I
> address it to user(a)mail2.mydomain
>
> Something about this does not seem right to me. I was expecting that as
> long as the primary server 'mail1' was up, then nothing should ever be
> processed by 'mail2'. At one time I thought that the mail ending up on
> 'mail2' was SPAM that was rejected by 'mail1' but I am not so sure about
> this lately.
>
> Any ideas what is going on? Is this normal?

It depends on what exactly you mean by normal, but it certainly is common and something you have to expect if you publish multiple MX records: the higher-metric ones will all be offered a significant amount of spam and often a trickle of legitimate mail.

The spam is easiest to explain: spammers intentionally target the secondary because in many cases a secondary will have weaker spam controls.

The legitimate mail is less easily explained, but one component is that there are some senders who are very sensitive to any sort of delay and will give up early on a slow primary MX and immediately try the secondary.

It is also a reality of the Internet that connectivity holes really do still happen. Since any primary/secondary setup worth having will have the secondary on a different network from the primary, a very short intermittent problem between a particular sending host and the primary can make mail go to the secondary.

One way to prevent this if you are committed to the idea of having a secondary MX is to have monitoring that watches the primary and only brings up the MTA on the secondary when it can't see mail flowing on the primary.

--
Now where did I hide that website...
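
An added example, not part of the original thread: one way to build the monitoring described in the last post, as a watchdog run on 'mail2' that starts the MTA only after several failed probes of 'mail1' in a row and stops it again after several good ones. It assumes that an SMTP greeting on port 25 stands in for "mail flowing", that nc is installed, that Slackware's /etc/rc.d/rc.sendmail controls the MTA, and that the thresholds shown are suitable; all of these are illustrative.

```shell
#!/bin/sh
# Added example: watchdog run on the secondary MX (mail2). Not from the thread.
# Assumptions: nc is installed, /etc/rc.d/rc.sendmail controls the MTA, the MTA
# is stopped when the watchdog starts, and the thresholds are illustrative.
PRIMARY="${PRIMARY:-mail1.mydomain}"
MTA_CTL="${MTA_CTL:-/etc/rc.d/rc.sendmail}"
SENDMAIL="${SENDMAIL:-/usr/sbin/sendmail}"
INTERVAL="${INTERVAL:-60}"      # seconds between probes
DOWN_AFTER="${DOWN_AFTER:-3}"   # failed probes in a row before mail2 accepts mail
UP_AFTER="${UP_AFTER:-5}"       # good probes in a row before mail2 stops again

# Succeeds only if the primary greets with a 220 banner on port 25.
# Nothing is sent, so the probe only reads the greeting.
probe_primary() {
    banner=$(nc -w 10 "$PRIMARY" 25 </dev/null 2>/dev/null | head -n 1)
    case "$banner" in 220*) return 0 ;; *) return 1 ;; esac
}

# decide STATE FAILS OKS: prints start, stop or keep.
decide() {
    if [ "$1" = stopped ] && [ "$2" -ge "$DOWN_AFTER" ]; then echo start
    elif [ "$1" = running ] && [ "$3" -ge "$UP_AFTER" ]; then echo stop
    else echo keep
    fi
}

# step RESULT: feed one probe result (ok|fail); sets $action, updates $state.
step() {
    if [ "$1" = ok ]; then oks=$((oks + 1)); fails=0
    else fails=$((fails + 1)); oks=0
    fi
    action=$(decide "$state" "$fails" "$oks")
    case "$action" in
        start) state=running ;;
        stop)  state=stopped ;;
    esac
}

watch() {
    state=stopped; fails=0; oks=0
    while :; do
        if probe_primary; then step ok; else step fail; fi
        case "$action" in
            start) "$MTA_CTL" start ;;
            # Stop listening, then run the queue once so held mail goes to mail1.
            stop)  "$MTA_CTL" stop; "$SENDMAIL" -q ;;
        esac
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "--watch" ]; then watch; fi
```

The probe sees 'mail1' only from where 'mail2' sits, so a sender with its own connectivity hole to 'mail1' will find both MXs unavailable and will queue and retry rather than deliver to 'mail2'.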