Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Backup-Mailserver and Delivery Notifications
  •  
Mark_und_Pfennig

Messages: 26
Karma: -1
Send a private message to this user
Hello,

I have the following szenario with domain abc.com:

Exchange 2003 on IP 1.2.3.4 which is primary MX in DNS
Kerio on IP 5.6.7.8 which is secondary (lower, backup) MX in DNS

Idea is that if the Exchangeserver is down kerio should collect the mails.

In Kerio I have a forward in the domain abc.com that all messages are directly send to the Exchange-Server.

A lot of spammers sends to random addresses. If they send to the exchange-server in the process of the smtp-delivery the exchange-server detects that the user doesn't exists and then stop immediatelly the process of receiving the mail to avoid misrouted bounces as described in http://www.spamcop.net/fom-serve/cache/329.html.

But if a mail is send to the backup-server (kerio) the backup-server always accepts this mail and later forward it to the exchange-server. The exchange-server detects an invalid address and stops the smtp-delivery. Now Kerio generates a bounce-message that the mail could not be delivered and because spammers chose random sender-addresses innocent people gets flooded with our bounce-messages.

I know I could avoid this simply if I create all Exchange-users in Kerio but then I need a 500-user-licence Sad and that's no options for me.

How could I solve this problem?

Thanks

Stefan
  •  
freakinvibe

Messages: 1529
Karma: 60
Send a private message to this user
You should setup your backup server in a different way:

http://kerio.co.uk/manual/kms/en/sect-example5.html

The Exchange server (once it is operational again) must trigger the ETRN command to get all the messages from KMS that it has missed while it was down.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Mark_und_Pfennig

Messages: 26
Karma: -1
Send a private message to this user
Hello,

ok, let's assume that the exchange-server triggers the etrn to kerio when it is up again. In the meanwhile 20.000 SPAMs arrived in the catchall of the domain on the kerio. Exchange gets all and for 19.999 it generates delivery bounce messages and I have the same problem as at the moment...

Or have I missed something?

Thanks

Stefan
  •  
sedell

Messages: 1168
Karma: 1
Send a private message to this user
There is no way that I'm aware of to stop the bounce messages, unless the backup MX server is aware of all of your valid addresses. With no knowledge of valid addresses, the backup MX server accepts everything. A non-delivery receipt is required for mail that can't be delivered. By accepting all of that mail, your server becomes responsible for handling those notifications instead of the sending server. If you don't want to generate the bounces, you have to somehow make your backup MX server aware of your valid addresses so it will not accept and queue mail for invalid recipients.

Scott
  •  
freakinvibe

Messages: 1529
Karma: 60
Send a private message to this user
Quote:

Exchange gets all and for 19.999 it generates delivery bounce messages

You have to prevent the NDRs on the Exchange server in this scenario.

BTW, you should also enable Anti-Spam on KMS. Spammers often only use higher MX records, because backup servers are mostly less protected.

That's why we don't use a backup server. SMTP servers are configured in a way that they can cope with a receiving server being down, at least if it is not longer than 24 hours. Some even try resending up to 5 days.

So why bothering with a backup server? This only makes sense if you have two servers with the same software that are configured exactly the same.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Uninstall KOC
Next Topic: Licence user count exceeded?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Sep 23 03:49:35 CEST 2017

Total time taken to generate the page: 0.00381 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.