Date:      Mon, 23 Jun 2003 10:14:34 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Brett Glass <brett@lariat.org>
Cc:        questions@freebsd.org
Subject:   Re: Eliminating "noise" from secondary MX
Message-ID:  <20030623151433.GB48420@dan.emsphone.com>
In-Reply-To: <4.3.2.7.2.20030623083909.02be3c50@localhost>
References:  <4.3.2.7.2.20030623083909.02be3c50@localhost>

In the last episode (Jun 23), Brett Glass said:
> Here's more detail. A spammer sends to a nonexistent address in a
> domain for which the host is a secondary mail exchanger. Many
> spammers' software is actually set up to use secondary mail
> exchangers rather than primaries, because they're less likely to have
> effective antispam software running. (Even if they use public
> blacklists, they rarely use a blacklist or whitelist provided by the
> domain for which they're a secondary.)
> 
> The secondary mail exchanger tries to send the message on to its
> destination, but the mail is bounced by the primary mail host (either
> as spam or because it has been sent to an invalid address). So, the
> secondary dutifully tries to notify the sender that the message
> didn't get through.
> 
> Of course, the "From:" and "Reply-to:" headers of the spam contain
> either a completely bogus address or one that has quickly been shut
> down due to spamming. So, the host, not knowing what else to do,
> sends a notice to Postmaster, saying that the notice to the sender
> could not be delivered.
> 
> What's the easiest way to suppress this resource-consuming,
> mailbox-clogging chain reaction?

I make sure my secondary MX has the same filtering setup as the
primary, and set it up so email from one MX to the other isn't checked
again.  You can set spamassassin up so it uses a SQL backend for its
user rules which makes it easy for multiple machines to filter mail the
same way.  I've never done this, though, so I don't know how easy it is
to make it work when you're secondarying for multiple domains.

You could always make the secondary run with much tighter spam checks
than the primaries, as a penalty for spammers that try it first :)

-- 
	Dan Nelson
	dnelson@allantgroup.com
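
The chain reaction described in the quoted question, and the effect of giving the secondary the same filtering as the primary, modelled as an added example that is not part of the original message. The host name mx2, the addresses and the toy filter are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: addresses and the toy filter are illustrative only.
VALID_RCPTS = {"alice@example.org"}
LIVE_SENDERS = {"bob@example.net"}   # envelope senders that can still receive a bounce
MESSAGES = [
    {"sender": "bob@example.net", "rcpt": "alice@example.org", "body": "lunch?"},
    {"sender": "x1@forged.invalid", "rcpt": "nobody@example.org", "body": "BUY NOW"},
    {"sender": "x2@forged.invalid", "rcpt": "alice@example.org", "body": "BUY NOW"},
    {"sender": "bob@example.net", "rcpt": "alcie@example.org", "body": "typo"},
]

def policy_ok(msg):
    """Filter shared by both MXes: recipient exists and body is not spam."""
    return msg["rcpt"] in VALID_RCPTS and "BUY NOW" not in msg["body"]

@dataclass
class Primary:
    trusted_peers: set
    delivered: int = 0
    def accept(self, msg, peer):
        # Mail from a trusted MX was filtered there already; skip the re-check.
        if peer in self.trusted_peers or policy_ok(msg):
            self.delivered += 1
            return True
        return False                      # 5xx reply during the SMTP session

@dataclass
class Secondary:
    primary: Primary
    mirror_policy: bool
    bounces: int = 0
    postmaster_notices: int = 0
    def accept(self, msg):
        if self.mirror_policy and not policy_ok(msg):
            return False                  # refused at SMTP time, nothing queued
        if not self.primary.accept(msg, peer="mx2"):
            self.bounces += 1             # accepted earlier, so a DSN is now owed
            if msg["sender"] not in LIVE_SENDERS:
                self.postmaster_notices += 1   # bounce undeliverable: double bounce
        return True

def run(mirror_policy):
    """Return (bounces, postmaster notices, delivered) for the sample traffic."""
    primary = Primary(trusted_peers={"mx2"} if mirror_policy else set())
    mx2 = Secondary(primary, mirror_policy)
    for msg in MESSAGES:
        mx2.accept(msg)
    return mx2.bounces, mx2.postmaster_notices, primary.delivered

if __name__ == "__main__":
    print("accept-all secondary:", run(False))
    print("mirrored filtering:  ", run(True))
```

With an accept-everything secondary, every message the primary later refuses becomes a bounce, and those with forged senders land in Postmaster's mailbox; with mirrored filtering the refusal happens while the sending client is still connected, so the secondary queues nothing it cannot deliver.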


