Date: Wed, 11 Jan 2017 20:05:49 -0800
From: Kurt Buff <kurt.buff@gmail.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: spamassassin not lethal anymore
Message-ID: <CADy1Ce4q5WmubxzUymOCLttpO56vcVK8h%2BA%2BdUyTur8q8iZNAA@mail.gmail.com>
In-Reply-To: <cde3f2ed-7b2d-8907-c7f7-f137e4d5a96d@pinyon.org>
References: <2463a238-e10f-e81d-cab1-5a7eaf774590@pinyon.org> <20170111210507.2dc39818c6e9d439abb21ee6@sohara.org> <8016faa3-5af4-6c2d-acdf-9b02f7f1afc8@pinyon.org> <CADy1Ce5Q5cvhb5SKS8QzN_yFQnhCYu12dZVDup_ipw-o3%2Bw_vg@mail.gmail.com> <cde3f2ed-7b2d-8907-c7f7-f137e4d5a96d@pinyon.org>

On Wed, Jan 11, 2017 at 5:34 PM, Russell L. Carter <rcarter@pinyon.org> wrote:
> On 01/11/17 17:24, Kurt Buff wrote:
>>
>> Snippety snip...
>>
>> On Wed, Jan 11, 2017 at 4:13 PM, Russell L. Carter <rcarter@pinyon.org>
>> wrote:
>>>
>>> On 01/11/17 14:05, Steve O'Hara-Smith wrote:
>>>>
>>>>
>>>> On Wed, 11 Jan 2017 13:45:47 -0700
>>>> "Russell L. Carter" <rcarter@pinyon.org> wrote:
>>>> most of it botnet sourced. I've pretty much eliminated it now by a
>>>> combination of installing dcc and razor plugins to spamassassin (reduced
>>>> the spam getting through by 70% or so) and adding a backup MX with a
>>>> free
>>>> service that only accepts messages to relay when the primary is down
>>>> (it's
>>>> amazing how much spam stopped coming in when I did that).
>>>>
>>>
>>> I'm not sure what you mean here, can you elaborate a bit more? I can
>>> do anything I like with my MX hosts so I'm game. I *think* I'm
>>> already doing that. I have multiple domains, and so I have a primary
>>> MX and a couple of backup MX hosts (one of which is effectively a
>>> passive dovecot replicator, lordy that works fantastic). The backup
>>> MX hosts are lower priority than the primary. Are you doing something
>>> different?
>>
>>
>> A secondary MX that refuses mail when the primary is up and running
>> foils one of the favorite tactics of spammers - they will often target
>> the secondary MX because those are often not as up to date with
>> anti-spam measures. Most spambots try one MX, one time only.
>>
>> Many spambots will try that secondary MX, get refused with a 4xx
>> error, and not bother to try the primary MX at all.
>>
>> It can be a big win, in the right situation.
>
>
> Ah. Awesome. How do I do that?
>
> Russell

As Steve O'Hara Smith wrote, there are free services that can do that.
Perhaps he can mention which one he uses. But, if you have a spare
public IP address, I suppose you could set up another MX with postfix
and have it respond to all inbound with a 4xx.

Greylisting, as someone else mentioned, is probably a really good
alternative - that responds with a temp fail message, and again most
spambots won't try again.

Kurt
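
Added example, not part of the original message or thread: one way to check whether an always-4xx secondary MX is paying off is to compare its Postfix log with the primary's and see which deferred clients ever showed up at the primary. The log lines, host names and addresses below are constructed samples (documentation IP ranges), and the function names are hypothetical.

```python
import re

# Postfix smtpd log patterns: a 4xx refusal at RCPT time, and a client connect.
DEFER_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[([0-9a-fA-F.:]+)\]: (4\d\d) ")
CONNECT_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S*\[([0-9a-fA-F.:]+)\]")

# Constructed sample: log of the secondary MX that tempfails everything.
SECONDARY_LOG = [
    "Jan 11 20:01:02 mx2 postfix/smtpd[4242]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <u@example.org>: Recipient address rejected: Try again later; from=<a@spam.example> to=<u@example.org> proto=SMTP helo=<x>",
    "Jan 11 20:01:09 mx2 postfix/smtpd[4242]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 450 4.7.1 <v@example.org>: Recipient address rejected: Try again later; from=<a@spam.example> to=<v@example.org> proto=SMTP helo=<x>",
    "Jan 11 20:03:30 mx2 postfix/smtpd[4250]: NOQUEUE: reject: RCPT from mail.example.net[198.51.100.20]: 450 4.7.1 <u@example.org>: Recipient address rejected: Try again later; from=<bob@example.net> to=<u@example.org> proto=ESMTP helo=<mail.example.net>",
    "Jan 11 20:04:11 mx2 postfix/smtpd[4251]: NOQUEUE: reject: RCPT from unknown[203.0.113.99]: 450 4.7.1 <u@example.org>: Recipient address rejected: Try again later; from=<c@spam.example> to=<u@example.org> proto=SMTP helo=<y>",
    "Jan 11 20:05:00 mx2 postfix/smtpd[4252]: NOQUEUE: reject: RCPT from unknown[192.0.2.5]: 554 5.7.1 <u@example.org>: Relay access denied; from=<d@spam.example> to=<u@example.org> proto=SMTP helo=<z>",
]
# Constructed sample: log of the primary MX over the same period.
PRIMARY_LOG = [
    "Jan 11 20:03:41 mx1 postfix/smtpd[311]: connect from mail.example.net[198.51.100.20]",
    "Jan 11 20:06:02 mx1 postfix/smtpd[312]: connect from other.example.com[192.0.2.77]",
]

def deferred_clients(secondary_log):
    """Map client IP -> number of 4xx RCPT refusals logged by the secondary MX."""
    counts = {}
    for line in secondary_log:
        m = DEFER_RE.search(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def connected_clients(primary_log):
    """Set of client IPs that opened a connection to the primary MX."""
    return {m.group(1) for line in primary_log if (m := CONNECT_RE.search(line))}

def classify(secondary_log, primary_log):
    """Split deferred clients into (moved on to the primary, never tried it)."""
    deferred = deferred_clients(secondary_log)
    seen = connected_clients(primary_log)
    moved = sorted(ip for ip in deferred if ip in seen)
    gave_up = sorted(ip for ip in deferred if ip not in seen)
    return moved, gave_up

if __name__ == "__main__":
    moved, gave_up = classify(SECONDARY_LOG, PRIMARY_LOG)
    print("retried on primary:", moved)
    print("never tried primary:", gave_up)
```

Run it over a window long enough to cover legitimate senders' retry intervals, since a real mail server may take a while before it moves on to the primary.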