Les Mikesell wrote:
On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
<galt...@kicp.uchicago.edu> wrote:
Otherwise it accept junk that your primary rejects
Not exactly. If greylisting on primary is set, but on backup MX is not,
still what is killed by greylisting by primary MX, almost never will come
through backup MX. This is due to the same reason why greylisting is
efficient: it trows off all that doesn't behave as mail server (thus never
comes for re-delivery, and definitely doesn't try backup MX which real
servers always do even before attempt of re-delivery).
I'm not convinced. Spam is big business and trying a 2nd MX is cheap.
Still, it is good
to have the same greylisting on backup MX. And all other blows and
whistles.
Greylisting would be kind of hard to do right. You'd have to keep the
known-good senders in sync across the receivers. But my bigger worry
would be a dictionary-type attack on user names as recipients if you
don't have access to the real user list on the secondary. Aside from
the blowback of the bounces, if you've ever accepted an address it is
likely to get on lists of known-good spam and cause extra traffic
forever after.
In this case the secondary MX has the same RBL's etc etc as the primary.
I do see the spammers sending their junk to the secondary more than the
primary MX. Agree the secondary does not know the difference between
valid and invalid addresses.
Thoughts on my configuration?? I might just change the DNS name in the
secondary MX anyway.
Ken
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
