SMTP Mail forwarding instead of MX?

This is something I am looking to do but haven't a clue how to do it

 

Some would call that "ETRN" - especially old Sendmail folks. It's nice in theory, but unless your spam filtering MX knows the actual email accounts that exist on the destination server, it has to accept ALL mail for that domain (legitimate, nonlegitimate, specifically addressed and nonexistent alike). As soon as somebody sends a gazillion messages to every guessible name @domain, the server suddenly dies because of the extreme load - again because it has to accept mail for ALL email addresses (existent or not) and then try to forward them.

Your scenario would mean:
I could send 20,000 messages to a combination of email addresses @domain.com (none of which exist) - the server would have to accept them all, spam-process all of them, then try to forward them to the recipient mail server. If the recipient mail server is down, your mail spool gets HUGE and your machine dies (if it hasn't already died from the spam processing). If your server then sends the mail to the recipient server and only 1 out of the 20,000 email addresses is a valid email address, the recipient mail server rejects the messages, forcing your system to generate bounce messages back to the 19,999 senders (most likely forged).

So you have HUGE spam processing load, HUGE amounts of spam to nonexistent email addresses which have to get processed, HUGE numbers of bounces, blacklisted MX, etc., etc.

ETRN was smart 15 years ago - but times have changed. The only way you shoudl attempt to have a 'backup' MX is if the backup MX truly knows of the existence of ALL email accounts on the recipient server so that it can properly reject incoming email send to nonexistent_addresses@recipient_domain.com.

Mike

 

You can use an exim smart router to do this very easily:

http://forums.cpanel.net/showthread.php?t=18201

 

ANY domain can get hit with a wave of spam. It doesn't matter if they usually get only 2 emails a day. Spammers don't care.
They simply go through a list of domain names, and send a dictionary attack sending emails to every name that has ever existed since dinosaurs were around.

If you haven't been hit by one yet, you are either lucky, or you have settings to prevent a dictionary attack.

As for catch-all mailboxes, there's enough written about how bad they are.
For those accounts that need to use their exchange server, but want the benefit of the spam filtering, I have them use the POP3 retrieval, but then I also have them setup up forwards for each mailbox they have in exchange. This allows my server to reject any misaddressed emails.

 

Just so you know - When we have a customer who absolutely needs to use us as the primary MX but they are using a local mail server on their LAN, if they want to have a catchall alias we forbid it.

Instead, we tell them - set up one POP3 account, and then set up a forwarder for each valid email account you want to receive email for and forward it to the POP3 account. This way our servers still only have to accept mail for valid addresses.

Of course, we also notify them that if they add or remove email addresses on their Exchange server (or whatever mail server they are using on their LAN), then they need to also add or remove the corresponding email address on our server.

Mike

 

Exactly... I posted my last response before I read yours, so I ended up repeating what you said... This definitely works well enough, if one must do it at all.

Mike

 

Yes. But you wrote it so much betterer.