[fedora-list] Primary and secondary sendmail servers

[Rich Mahn]

Chris Adams <cmadams at hiwaay.net> wrote:

[snip]
> You really need the secondary to have some way of knowing all the valid
> recipient addresses at the domain (and have any spam filtering
> configured to match), so it doesn't accept mail that the primary
> wouldn't.

> This is more complicated; for sendmail, you have to write a few custom
> rulesets (not really very much).  The bigger issue is that you need some
> way for the secondary to know the valid addresses on the primary; the
> usual way is to have all users, aliases, etc. in LDAP (and replicate the
> LDAP to the secondary).

I use sfm-sav to verify the recipient addresses.  It works by querying the
server and caching results.  It can be used for both recipient and sender
addresses, but most of the junk I get is the millions of generated recipients,
so this nicely refuses them at the seconday.  It integrates well with sendmail,
requiring only minor updates to sendmail.mc.  Unfortunately, the package is
not part of the fedora family, as far as I can tell, but it is available at
sourceforge.  Seems to me I had to do some minor tweeking.  There are interface
problems with selinux.  I've written a script that handles them and will be
glad to send my updates to anyone interested.  The "use at your own risk" caveats
apply, of course.

I would also recommend milter-greylist.  This package is available via the
standard fedora repositories.  This greylisting cut our incoming e-mail
(almost all of it spam) down by about 95%.