[nSLUG] postfix config and half broken domains

D G Teed donald.teed at gmail.com
Wed Nov 28 14:27:38 AST 2007

On Nov 27, 2007 6:21 PM, Aaron Spanik <a.spanik at ns.sympatico.ca> wrote:

> Firstly, why is Exchange configured to try to send mails every minute?
> Is there no exponential backoff on mail that will not move?
> I'm sure I've seen a properly configured Exchange server that
> does not blindly and blithely hammer mail outwards just because
> it thinks it should.

Exchange config would be out of scope for this list, but anyway,
these suggestions were made, and it is something our admins
cannot figure out.

>  Secondly, are there that many people at your
> location who are sending mail to undeliverable addresses?  That
> seems........odd.

The new vogue thinking is "providing service" and with it has come
an insistence to use auto responders.  In the case of the radio station,
it was a domain change they did poorly and someone here was
still submitting sports scores to a list of people.

> On a more helpful note, is your Postfix server configured as a "Smart
> Host" for mail that is sent first to Exchange?  In the environment, it
> "should" be.  The problem with this is that mail FOR Exchange users
> FROM Exchange users will not leave Exchange.  And I don't know if
> there's a way to change that.  There probably is, but it may not be
> widely known.

I also suggested exchange be forced to use our SMTP outbound for everything,

and heard back: "that would defeat the whole purpose of using exchange"
I'm not sure what that means, but I left it at that.  For the same reason
I would expect a rejection of suggesting all Exchange users set up their
differently.  Yes, it is virus friendly to operate it that way, but
I've come to think that perhaps this is what Windows users like to see -
extreme sports and reality TV shows are not enough of a thrill.

I recommend you not turn off reject_unknown_recipient_domain as the
> queue will become your problem and you've probably already got enough
> to deal with in terms of the incoming mail queue and the SPAM scanning
> and the virus scanning and the hey, hey!

This check is turned off only on the outbound email.  After a day we have
30 messages held up with no useful MX, and most are from mail daemon.
I'll just make a clean up script for that.  The rest can bounce back to
the recipient.

The possibility of typos in domain names getting hung in the
postfix queue like this is there, but remote - most typos will cause
a bounce back in minutes  if the domain doesn't exist or the
recipient doesn't exist at the similar but wrong domain.

> The answer is to find the right settings for Exchange and possibly to
> re-visit site-wide email, how it's routed and how it works (e.g. nobody
> sends through Exchange; there are plenty of Fortune 500 companies who
> don't use Exchange for mail routing). There are lots of places around
> that do MS Exchange/MS AD consulting work and audits and
> recommendations are not as expensive as some people might think.  This
> is, of course, provided you're working on a team of people who
> understand that when things get complex and out of hand sometimes
> money must be spent and/or outside assistance must be brought in.
> Good luck ;)

I like the idea of people using our outbound smtp directly, but I'm almost
certain it will have to wait for regime change.  It reminds me of the joke I
to someone  here awhile ago when ITIL was being promoted:
"Change Management - is that a question or an answer?"

Thanks for the in-depth response and good thinking on this question.  You've
certainly hit on the directions which would be useful to pursue further,
at a later date...

Thanks again...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nslug.ns.ca/mailman/private/nslug/attachments/20071128/411ec188/attachment-0001.html>

More information about the nSLUG mailing list