Forums

Resolved
0 votes
How does greylisting work with backup MX servers? I am trying to get an understanding on how this works. The backup MX server is supposed to hold the mail if the lowest set mx record does not accept the mail due to it being down or whatever.... if the ClearOS server is the lowest MX record and it has greylisting installed and does not immediately allow the email in, does the email go to the backup MX mail server to hold the mail until the lowest MX record server is back online (ClearOS server)?

Is this essentially a continuous loop?

Thank you for any clarification.
Tuesday, August 09 2016, 02:12 PM
Share this post:
Responses (2)
  • Accepted Answer

    Tuesday, August 09 2016, 04:52 PM - #Permalink
    Resolved
    0 votes
    I'd like to expand this question a bit. I run fail2ban quite aggressively and it picks up on improper pipelining, no reverse DNS, too many lost connections and disconnects. I am not too bothered about the lost connections as they are incomplete transactions and presumably will incomplete on the MX Backup as well - but is it "fair" to push them over to the MX Backup. With the "disconnect from unknown", by pushing them over to the MX backup, they may well succeed there and, because I have to whitelist the MX Backup, they will still hit me by the back door? And so on. What happens in these cases?
    The reply is currently minimized Show
  • Accepted Answer

    Saturday, November 26 2016, 06:00 PM - #Permalink
    Resolved
    0 votes
    Answering my own question about the "disconnect from unknown", if I block them with f2b they should fail over to the mxbackup because they get no response from my server at all. Often spam ones won't try again. The mxbackup runs greylisting so initially responds with a "come back later" (450?) message. A well behaved server will do so and, as you ought whitelist the mxbackup, you end up receiving the message. Also the message from the mxbackup uses a valid e-mail conversation so won't get caught by the spam trap again.This does have the advantage that some valid messages you block do come in via the mxbackup. This happened to me recently with my registration e-mail from wifi@virgintrainseastcoast.com, which comes from an IP without a reverse DNS/PTR record which is naughty but the e-mail was genuine. I received it via the mxbackup.
    The reply is currently minimized Show
Your Reply