[Lula] Mail server ip changed issue.

Jeff Carlson jeff at ultimateevil.org
Thu Jun 29 15:18:17 EDT 2006


Peter Benjamin wrote:
> 1) Copy all the filter rules from the main server to the backup server.
> This is a roll your own right now, and maybe you might find some open
> source that does it.  Anyone???  I have sendmail.  <g>

Well, RBLs are of course DNS based.  You can save access_db data (and 
aliases) in LDAP.  That assumes both mail servers can reach the same (or 
a synced) LDAP server which implies they're either in the same building 
or connected over a VPN, because I would no more expose LDAP to the 'Net 
than SNMP, even with SSL.  If they're both in the same building or LAN, 
then why does a condition which knocked out your primary MX not also 
knock out your secondary?  It could happen but that's another thing to 
consider.

Aside from LDAP you've also got CVS and cfengine.  Pete, this is the 
second time this week I'm telling you about cfengine.  It's starting to 
be a habit, you know.

> 2) Require your end users to have AV and spam filtering on their
> mail clients.

Sysadmin 101:  Never expect your end users to do anything right. 
Corollary, if you want something done right, you've got to do it yourself.

I mean, true, especially Windows users should have AV and all that on 
their desktops, but unless you trust the person who configured it to get 
it to update properly, I don't count on it.  Still, it is another layer 
of protection and that's a good thing.  Just hope it's working right.

> Jeff, btw, is known as the best, lazy administrator in SoCal.
> So, his opinion of no backup mail server just means he is
> spending his time doing other, higher quality things with
> his spare time.  Kudos to Jeff.

Wow, an endorsement like that I should put on my resume.

> Until the Western Electrical Grid goes out again for several
> days, and he is not getting any email, and all the mailing
> lists he has subbed are getting hard bounces and unsubbing
> his email address.  Or lesser mishap.  <g>  Like the cat
> decides to relieve himself on his mail server, which is
> also his only DNS server for his domain names.  (Is it Jeff?)

Well, if the whole grid goes out, I'd be screwed unless my secondary MX 
were in a different state and I don't know anybody on the east coast 
willing to relay for me.  Well, willing and able, I know a guy but he 
doesn't have a mail server.  That's beside the point.  But no, I have 
two DNS servers and they're on different machines.  (Actually I just 
stuck my records on the servers at my old work.  I should move them. 
Don't tell.)

I did get unsubbed from the LILAX list a while back but it was because I 
bounce any message that's text/html only.  Somebody on that list has a 
misconfigured client and sent four or five messages like that in one 
day.  I could go off on how sending HTML email, especially to a mailing 
list, is rude, and even more so without a text/plain portion, but that's 
another topic altogether.  (Actually I see similar bounces on most of 
the lists I'm on.  Fix your clients, people.  I don't know who it is, 
because I never receive the message.)

But I actually have a different plan for what to do with a secondary MX.
Since I already mentioned spammers will send directly to the
secondary, skipping the primary, I had a plan to make that work for me.
I'm thinking of setting up a secondary that is nothing but a spam
trap, using OpenBSD's spamd, which tarpits all incoming connections, 
throttling them down to one content byte per packet, and then soft-fails 
when the message is done.  Since this would be at my house then yes, any 
reason someone couldn't reach the primary would affect the secondary as 
well, so I'm not really worried about legitimate messages being sent to 
the spam trap.
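
The spam-trap behaviour described in the last paragraph above (every reply throttled to one byte per write, then a temporary failure once the message body ends), modelled as an added Python sketch. It is not part of the original message and is not spamd's code; the host name trap.example, the reply wording and all function names are assumptions.

```python
import asyncio

TEMPFAIL = b"451 4.7.1 Temporary failure, try again later\r\n"  # assumed wording

def one_byte_chunks(reply: bytes) -> list:
    """One content byte per write, the throttling described in the post."""
    return [reply[i:i + 1] for i in range(len(reply))]

async def dribble(writer, reply: bytes, delay: float) -> None:
    # A real listener would also set TCP_NODELAY so writes are not coalesced.
    for chunk in one_byte_chunks(reply):
        writer.write(chunk)
        await writer.drain()
        await asyncio.sleep(delay)

async def tarpit_session(reader, writer, delay: float = 1.0) -> None:
    """Answer every command slowly; soft-fail once the message body ends."""
    await dribble(writer, b"220 trap.example ESMTP\r\n", delay)
    in_data = False
    while line := await reader.readline():
        if in_data:
            if line == b".\r\n":          # end of message: temporary failure
                await dribble(writer, TEMPFAIL, delay)
                in_data = False
            continue                       # body lines are read and discarded
        verb = line.strip().upper()
        if verb == b"DATA":
            in_data = True
            await dribble(writer, b"354 Go ahead\r\n", delay)
        elif verb == b"QUIT":
            await dribble(writer, b"221 Bye\r\n", delay)
            break
        else:                              # HELO/MAIL/RCPT: accept everything
            await dribble(writer, b"250 OK\r\n", delay)
    writer.close()

class RecordingWriter:
    """In-memory stand-in for asyncio.StreamWriter (constructed for the demo)."""
    def __init__(self): self.writes = []
    def write(self, data): self.writes.append(data)
    async def drain(self): pass
    def close(self): pass

def simulate(client_bytes: bytes) -> list:
    """Run one session against canned client input with no delay."""
    async def run():
        reader, writer = asyncio.StreamReader(), RecordingWriter()
        reader.feed_data(client_bytes)
        reader.feed_eof()
        await tarpit_session(reader, writer, delay=0)
        return writer.writes
    return asyncio.run(run())
```

Because the message is never accepted with a 250 after the final dot, a legitimate sender that lands here by mistake queues the mail and retries. `tarpit_session` has the callback signature `asyncio.start_server` expects.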