At 04:00 PM 7/5/2005, you wrote:
On Tue, 2005-07-05 at 09:42 -1000, Randy Bush wrote:
Should undeliverable email (5.1.1, User unknown) be directed to /dev/null rather than responded to?
one current fashion is to try to catch it as early in the smtp receipt process as possible and reject the mail to the smtp sender. this gives the rejection to the real source as opposed to the joe job name.
Thanks Randy,
It just dawned on me that rejects are in fact occurring early in the receipt process on the primary MX. This is nicely done via Sendmail's virtualusers table having a complete and accurate list of who is valid for the domains handled by that MX.
However, it seems the problem is over on the secondary MX (Postfix) which only has a list of legit relay domains for pMX. When pMX is back online sMX fwds its queue, but at that point pMX rejects to sMX...who then rejects to Sender. I'm not sure how I can get away from that happening.
Use something like LDAP to do the lookups on the primary, or rsync over files so you can do the rejects on the secondary, perhaps. Given you said in another message your primary freaks on occasion, I guess the LDAP would need to be to some third server. Generally there's little reason to run a secondary MX. Email will queue if the sole MX is offline or unreachable. Email will queue at senders' mail servers. Also note that spammers like to use higher-ordered MXs as a way to get spam injected, probably the best argument for not bothering to run secondaries.
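The file-sync approach suggested above, as an added example that is not part of the original thread: a Python script that turns a Sendmail virtusertable (the recipient list on the primary) into a source file for Postfix's `relay_recipient_maps`, so the secondary can reject unknown users during SMTP instead of bouncing later. The sample table, the domain names and the function names `relay_recipients` and `render_map` are constructed for illustration.

```python
# Added example: derive the secondary MX's valid-recipient list from the
# primary's Sendmail virtusertable. All sample data below is constructed.

SAMPLE_VIRTUSERTABLE = """\
# constructed sample, not from the original thread
alice@example.org\talice
bob@example.org\tbob@internal.example.org
Sales@Example.ORG\talice
old@example.org\terror:nouser 550 No such user here
@example.net\terror:nouser 550 No such user here
@catchall.example\tpostmaster
"""

def relay_recipients(virtusertable_text, relay_domains):
    """Return the sorted lookup keys the secondary should accept.

    Entries whose right-hand side starts with "error:" are rejections on
    the primary, so they are left out. A bare "@domain" key that delivers
    somewhere is a catch-all: it is kept, which means that domain accepts
    every recipient and cannot be validated at the secondary.
    """
    domains = {d.lower() for d in relay_domains}
    accepted = set()
    for raw in virtusertable_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed entry: no right-hand side
        key, target = parts[0].lower(), parts[1].strip()
        if "@" not in key or key.rsplit("@", 1)[1] not in domains:
            continue  # not a domain this secondary relays for
        if target.lower().startswith("error:"):
            continue  # primary rejects this address, so the secondary must too
        accepted.add(key)
    return sorted(accepted)

def render_map(keys):
    """Format keys as a Postfix lookup-table source, one "key OK" per line."""
    return "".join(f"{k}\tOK\n" for k in keys)

if __name__ == "__main__":
    domains = ["example.org", "example.net", "catchall.example"]
    print(render_map(relay_recipients(SAMPLE_VIRTUSERTABLE, domains)), end="")
```

The rendered file is compiled with `postmap` on the secondary and referenced from `relay_recipient_maps` in `main.cf`. Until the next sync, an address newly added on the primary is rejected by the secondary, so the copy has to run whenever the table changes.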