-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 02 Oct 2006 22:06:53 +0000, Per Hedeland wrote:

> Hm? As has been pointed out before here, a backup MX server is the one
> place where "SMTP-ahead" (I assume this is what is being discussed) is
> less than ideal (understatement:-) - the point of having a backup MX (if
> any) is that it should accept mail when the primary MX is down, and then
> "SMTP-ahead" will not work...

There are good arguments for NOT having any backup MX machines, but if,
for whatever reason, you have a backup MX machine(s), then they should
have some mechanism of knowing the actual valid users. LDAP is one nice
mechanism, but if, for whatever reason, you don't or can't use LDAP, then
something like smtp-ahead is useful. It also has one advantage over LDAP,
in that if the primary machine will, for policy reasons, claim 'no such
user' for some senders but not for other senders, then smtp-ahead can
properly give that same answer on the backup MX, where with LDAP, the
backup MX only knows that the target user is valid.

Of course, when the primary MX is not reachable from the backup MX, then
my implementation of smtp-ahead simply accepts the mail on the backup
machine. This is similar to the problem of the LDAP server not being
reachable from the backup MX. In that case, presumably you want to either
accept the mail for later relay, or temp-fail it with a 4xx error code.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFFId0lL6j7milTFsERArLPAJ4huXelbC4Rys5YDXmckt vTGTvCnACdEphV
9OWKQ/45j5Snu979f1SDpZw=
=eicX
-----END PGP SIGNATURE-----