From: Joe on
ChrisUK wrote:
>
> Cliff> I totally see your point of view. I guess there is no clear right and
> wrong with this, just what works best for each scenario.
>
>

One other point worth mentioning about backup MX services is that while
some allow you to register a list of users (which you need to keep up to
date), many do not. If an SMTP server doesn't have a valid user list, it
must accept mail for the entire domain like a domain-wide POP3 server.

This means that when the mail reaches a mail server which does have a
valid user list, that server must generate NDRs for invalid users, and
unless it has very good spam recognition, it will either propagate NDR
spam or fail to send NDRs to people who genuinely need to see them.

--
Joe
From: Cliff Galiher - MVP on
Just for the record, there is a third option. The better backup MX services
use pass-through email verification. This means that they attempt to contact
the primary server (in this case our SBS server) and will relay the TO
address to the primary server. If the primary server rejects the email then
the backup MX service will also reject the email at connection time instead
of waiting for the rejection and associated NDR later.

If your primary server is down then obviously this does no good and yes,
NDRs will likely get generated. But it does close a significant hole of
abuse where spammers used to intentionally contact lower priority MX servers
even when the primary server was up. They'd do so on the assumption that
the lower priority servers are backup servers and use them to get around
directory lookups. The implementation above closes that loophole.

-Cliff


"Joe" <joe(a)jretrading.com> wrote in message
news:Ow0WotttKHA.4636(a)TK2MSFTNGP06.phx.gbl...
> ChrisUK wrote:
>>
>> Cliff> I totally see your point of view. I guess there is no clear right
>> and wrong with this, just what works best for each scenario.
>
> One other point worth mentioning about backup MX services is that while
> some allow you to register a list of users (which you need to keep up to
> date), many do not. If an SMTP server doesn't have a valid user list, it
> must accept mail for the entire domain like a domain-wide POP3 server.
>
> This means that when the mail reaches a mail server which does have a
> valid user list, that server must generate NDRs for invalid users, and
> unless it has very good spam recognition, it will either propagate NDR
> spam or fail to send NDRs to people who genuinely need to see them.
>
> --
> Joe
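
The pass-through verification described in the post above, sketched as an added example (not part of the thread and not any backup MX provider's own code). The host names, the stub primary servers and the choice to accept unverified mail when the primary gives a temporary failure are assumptions made for illustration.

```python
import smtplib

def probe_primary(rcpt, host="primary.example.test", timeout=10):
    """Relay the RCPT TO address to the primary MX and return its reply code.
    Host names are placeholders; no message body is ever sent."""
    with smtplib.SMTP(host, 25, timeout=timeout) as s:
        s.helo("backup-mx.example.test")
        s.mail("")                # null sender, as used for bounces
        code, _ = s.rcpt(rcpt)
        s.rset()                  # abandon the transaction
        return code

def backup_mx_rcpt_reply(rcpt, probe=probe_primary):
    """Decide what the backup MX answers to RCPT TO, at connection time."""
    try:
        code = probe(rcpt)
    except (OSError, smtplib.SMTPException):
        # Primary is down: nothing to verify against, so the mail is
        # accepted and queued. This is the case where NDRs can still occur.
        return 250, "accepted unverified, queued for primary"
    if 500 <= code < 600:
        # Primary rejects the address: reject now, no NDR generated later.
        return 550, "recipient rejected by primary"
    if 400 <= code < 500:
        # Assumption: a temporary failure is treated like an unreachable primary.
        return 250, "accepted unverified, queued for primary"
    return 250, "accepted, verified by primary"

# Constructed stand-ins for the primary server, so the example runs offline.
VALID_USERS = {"alice@example.test"}

def stub_primary_up(rcpt):
    return 250 if rcpt in VALID_USERS else 550

def stub_primary_down(rcpt):
    raise ConnectionRefusedError("primary unreachable")

if __name__ == "__main__":
    for probe in (stub_primary_up, stub_primary_down):
        for rcpt in ("alice@example.test", "nobody@example.test"):
            print(probe.__name__, rcpt, backup_mx_rcpt_reply(rcpt, probe))
```

With the primary up, the unknown address is refused during the SMTP session; with the primary down, the same address is accepted and will bounce later.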