The thing about spammers is that they try to deliver to as many people
as they can so coming back to try to get spam to my domains is a lot of
work when they can find other servers that are easier.
I also use it for load balancing. I have my biggest server cluster on my
lowest MX. But in some rare cases if the load levels start creeping up
what I do is start returning 4xx errors for certain countries or
blacklisted on lists that I can't count on being 100% reliable, or if
the load levels get really high it tells the sender to spill over to the
backup servers that are less loaded. I have 3 servers on the second tier
to process mail that is deferred by the primary server or if the primary
server dies or is otherwise offline. So just because one server might
return a 4xx error doesn't mean any other server will. All that means is
this server isn't ready.
And - there is the plain language of the MX specs that clearly say that
the reason there are higher MX records is for this reason. I guess I'm
confused as to why Qmail doesn't follow the spec.
So here's the problem. A server running qmail from what appears to be a
dynamic IP or a server running Qmail that has a bad reverse lookup tries
to email one of the domains that I process and gets a 4xx error on the
main server. All other MTAs try the secondary MX and it accepts the
message. But Qmail keeps trying the lowest MX and it eventually gives up.
Or - the main server overloads for some reason. (sometimes 4 gigs still
isn't enough RAM!) so it throws up a 4xx to everything. All other MTAs
try the backup MX and the message goes through. But Qmail doesn't and
thus the message is delayed till qmail retries.
The bottom line is that there is a spec and it seems that Qmail doesn't
follow the spec. So what's up with that?

Uncle George wrote:
your analysis sorta reminds me of a child trying to get permission from
an adult. If mom says no, then there is always dad. When mom said no
way in hell, amongst (savvy) parents that means absolutely no. In a
perfect world, there's no need to ask pop.
But if mom didn't reply (i.e. out shopping), then the answer from pop
would be binding.
I suppose it all revolves around if u mean that the IP connection
failed, or the SMTP protocol failed would cause another MX record to be
used. My *opinion* is that if the IP connection failed, then another MX
can be tried until a connection is made. If the SMTP protocol failed,
then that answer is supposed to be good for all MX records. No need to
seek out another parent: sort-of-speak.
It would seem that if one server greylisted, then they all should
greylist. Just my *opinion* mind you. As eventually you will find that
the errant spammers will find the hole in your filtering scheme, and not
bother with the lowest, or highest, and just try them all until they get
what they want.
I'm curious as to why they ("people are telling me ") think that their
scheme is appropriate? All I see is that spammers will adapt to try all
MX records, wasting your bandwidth, and server time. And in your case,
having spam processed ( as I suppose, greylist is just the first
barrier ).

Marc Perkel wrote:
I'm not a Qmail user. I have a spam filtering operation where I do
front end filtering for about 3000 domains. Many of the servers that
send mail to my filtering network are running Qmail and there seems
to be a problem and I'm wondering if someone can address it. I'm
running Exim myself.
One of my tricks to filter spam is a gray listing like trick that
detects suspicious hosts and returns a temp error on the lowest MX
number. Spammers often don't retry but real email servers would, in
theory, retry the next level up in the MX chain and the secondary
server will accept the email.
Servers that I do this with include servers with no or bad reverse
lookup, host names with patterns that look like residential machines,
and servers listed in black lists that are not reliable enough to
block, but usually are spammers.
The idea being that by profiling these servers and returning a temp
error (421) on the lower MX, the good servers who would be a
false positive would retry to a different server that would accept it.
But - it seems like servers who are running Qmail only send to the
lowest MX and don't retry the higher MX. Is this so? Or does it apply
only to old versions?
When Exim gets a temp error on the lowest MX it immediately retries
all the IP addresses of the higher MX servers. If they all fail then
the server waits for a period of time and tries them all in order
again. But people are telling me that Qmail is broken on this issue.
So - is this so? Can someone let me know how Qmail works on MX retries?
Thanks in Advance
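
The two sender behaviours debated in this thread, modelled as an added example that is not part of the original messages and is not code from Qmail or Exim: one sender moves to the next MX on a 4xx reply, the other moves on only when the connection itself fails. The host names, the reply tables and the `deliver` function are hypothetical and constructed for illustration.

```python
# Added illustration; host names and reply tables are constructed.
MX = [(10, "mx1.example.test"),                       # primary tier
      (20, "mx2a.example.test"), (20, "mx2b.example.test"),
      (20, "mx2c.example.test")]                      # three second-tier hosts

# Reply each host gives this sender: SMTP code, or None if TCP connect fails.
PRIMARY_TEMPFAILS = {"mx1.example.test": 421, "mx2a.example.test": 250,
                     "mx2b.example.test": 250, "mx2c.example.test": 250}
PRIMARY_DOWN = {**PRIMARY_TEMPFAILS, "mx1.example.test": None}


def deliver(mx_records, replies, fallback_on_4xx):
    """One delivery attempt over the MX set, lowest preference first.

    Returns (outcome, trace) with outcome 'delivered', 'deferred' or 'bounced'.
    Equal-preference hosts are tried in name order here; real MTAs usually
    randomise them.
    """
    trace = []
    for _pref, host in sorted(mx_records):
        code = replies.get(host)
        trace.append((host, code))
        if code is None:
            continue                      # no connection: try the next MX
        if 200 <= code < 300:
            return "delivered", trace
        if 500 <= code < 600:
            return "bounced", trace       # permanent failure, stop
        if not fallback_on_4xx:
            return "deferred", trace      # 4xx treated as the domain's answer
        # otherwise 4xx only means "this host isn't ready": keep walking
    return "deferred", trace              # nothing accepted; queue and retry


if __name__ == "__main__":
    for name, replies in (("primary 421", PRIMARY_TEMPFAILS),
                          ("primary down", PRIMARY_DOWN)):
        for policy in (True, False):
            outcome, trace = deliver(MX, replies, policy)
            print(f"{name:13} fallback_on_4xx={policy!s:5} {outcome:9} {trace}")
```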