relaying denied

Cowles, Steve steve at stevecowles.com
Thu Jun 24 20:28:49 UTC 2004


olga at urbantimes.net wrote:
> So for those entries (with higher and lower MX) in the DNS setup to
> work correctly, I would need to configure /etc/mail/relay-domains and
> /etc/mail/mailertable and set up mailboxes for the users on Y to allow
> mail to be picked up by the lower priority MX in case something is
> wrong with the primary MX, otherwise the lower priority entry of the
> MX record does not do anything -- is this correct?
> 

Obscurity in posts = <Groan!>

Olga,

If you indeed have two MX records for a single domain like...

mydomain.com        1d      IN      MX 1    hosty.mydomain.com.
mydomain.com        1d      IN      MX 2    hostx.mydomain.com.

Then...

Hosty:
1) Should have the physical mailboxes for all users in mydomain.com
2) The domain name "mydomain.com" should be listed in
/etc/mail/local-host-names.

Hostx:
1) Should not have any physical mailboxes for mydomain.com.
2) Should have mydomain.com listed in /etc/mail/relay-domains
3) Should have the following entry in /etc/mail/mailertable:
     mydomain.com   esmtp:[hosty.mydomain.com]

NOTE: The brackets are required to stop sendmail from using DNS to look up
the MX records for final delivery. This would cause an MX loop without the
brackets.

4) Should have a complete list of valid mailboxes for hosty so that if an
e-mail does come in for mydomain.com on hostx, it can reject it instead of
sending a DSN back to a forged address, thus clogging up your mail queue. I
do this using LDAP queries, but you could create a list of virtual users to
compensate.

Repeat the above for each domain that you moved.

The above is just the minimum that is required to implement a backup MX
server. You would also need to configure both the primary/backup sendmails
to reject/accept/rbl inbound e-mail identically.

Steve Cowles
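
[Added example, not part of the original post: a shell check that audits a backup MX's files against items 1 to 3 of the Hostx list above. The function names and the sample files are constructed for illustration; the default directory /etc/mail and the file names are the ones used in the post.]

```shell
#!/bin/sh
# Added example: audit a backup MX (hostx) against the checklist above.
# check_backup_mx DOMAIN PRIMARY [DIR] returns the number of problems found.

# First field of each non-blank, non-comment line, lowercased.
fields() { [ -f "$1" ] && awk 'NF && $1 !~ /^#/ {print tolower($1)}' "$1"; }

check_backup_mx() {
    domain=$1; primary=$2; dir=${3:-/etc/mail}; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # The backup must relay the domain, not deliver it locally.
    fields "$dir/relay-domains" | grep -qxF "$domain" ||
        fail "$domain is not listed in relay-domains"
    if fields "$dir/local-host-names" | grep -qxF "$domain"; then
        fail "$domain is in local-host-names (would be delivered locally)"
    fi

    # The mailertable route must name the primary inside brackets.
    route=$(awk -v d="$domain" 'NF && $1 !~ /^#/ && tolower($1) == d {print $2; exit}' \
        "$dir/mailertable" 2>/dev/null) || true
    case $route in
        "esmtp:[$primary]") echo "OK: $domain -> $route" ;;
        "") fail "no mailertable entry for $domain" ;;
        *"["*"]") fail "route $route is not esmtp:[$primary]" ;;
        *) fail "route $route has no brackets: MX lookup would loop" ;;
    esac
    return "$problems"
}

# Constructed sample files (not from a real host): hostx with the brackets missing.
demo=$(mktemp -d)
echo "mydomain.com" > "$demo/relay-domains"
: > "$demo/local-host-names"
printf 'mydomain.com\tesmtp:hosty.mydomain.com\n' > "$demo/mailertable"
check_backup_mx mydomain.com hosty.mydomain.com "$demo" || echo "problems: $?"
rm -rf "$demo"
```

The check reads the source text files only; it does not verify that the mailertable map has been rebuilt or that item 4 (the valid-mailbox list) is in place.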





More information about the fedora-list mailing list