Backup mailserver emails are dropped
Question asked by Gijs van der Velden - 5/31/2015 at 3:25 PM
I've recently noticed that some of the incoming mail is being dropped, from certain domains.
I had two mx records,
1. my smartermail server with greylisting
2. a backup mx server provided by my domain registrar.
What happened is that because of the greylisting some of the mail would go to the 2nd mail server.
This mail would then be send to my smartermail server from the 2nd mail server.
This mail appears to be dropped because it came from my 2nd mail server and not from the original mail server.
I assume this happened because of dmarc and or spf rules.
I've currently disabled greylisting, but if my mail server go's down those mails would still be dropped.
How can I configure a server as a trusted backup mail server in smartermail? (so that dmarc and spf rules are ignored when mail comes from that server)

3 Replies

Reply to Thread
Bruce Barnes Replied
The backup MX server is not properly configured.
Greylisting should never send anything to a backup MX server.
Bruce Barnes
ChicagoNetTech Inc

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
CCWH Replied
I'd say the sending mailserver MX isn't correctly configured in some way, however I have seen incoming mail be asked to retry in x seconds and it then jump straight to the backup MX and retry there instead. I only saw this on Friday with an incoming domain migration. Where we had our main MX (0), backup MX (10) but incorrectly left the old MX (20) within the records. We saw a test mail from Outlook.com try MX 0, then MX 10, both being asked to retry in 60s due to greylisting.... The mail then ended up being delivered to the old mail server (MX 20). To the OP, I would suggest adding your providers backup MX to your smartermail backup MX configuration: https://portal.smartertools.com/kb/a2668/configure-smartermail-as-a-backup-mx-server.aspx
Kyle Kerst Replied
You may be at the mercy of an external mail server with short retry limits. If the remote mail server is configured to try once, then fail over to backup MX, you'll continue to have this issue so long as greylisting is enabled on the primary. Greylisting is a great antispam addition, but if you're having issues like this I would suggest shoring up existing antispam options, then drop greylisting or shorten the interval. SmarterTools offers MessageSniffer as an antispam addon, and I've seen it do wonderful work all on its own as well. 
Kyle Kerst Cameron Solutions LLC www.cameron-solutions.com

Reply to Thread