Not Linux-specific per se, but mail and DNS servers can and do run in Linux, so I figure I'm more on-topic than usual. I'm curious what opinions others have, especially negative, about a strategy to prevent spam from coming into your mail server. I've read a couple of suggestions which make a good deal of sense to me, but just feel wrong.

1 - Set a fake MX record for a nonexistent server, or for a server that won't listen on port 25 for your _highest_ MX value. Since a lot of spam will skip your lowest MX (primary) right away for a less-loaded backup MX with potentially less reliable spam filtering in place, the assumption is that a lot more spam will make it through a backup MX. I've already confirmed that that does happen a lot. The theory here is that by setting a non-operational backup MX record, spam bots will try and then give up on sending spam your way. Real mail should never try the fake MX record unless all your real mail servers are down, in which case, you've got other issues to worry about.

2 - Set a fake MX record for a nonexistent server, or for a server that won't listen on port 25 for your _lowest_ MX value. Essentially, this would make it look like your primary mail server is always down and every incoming message would have to get retried to your first "backup" MX. Again, the assumption is that spam bots will give up after failing to send to the first MX they try, whereas real email will try your next higher MX record in priority until it completes a delivery.

I'm curious if others have implemented these strategies and if they've ever gotten complaints from other mail administrators for any increased load. I can't imagine it would be noticed honestly and the logic of making it work sounds promising, even if it is just a pretty bad hack to fool spam bots.

Has anyone ever run into problems with this sort of arrangement?

-N
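
The two strategies described in the post above, modelled as an added example that is not part of the original message: it compares which sender types reach a real server under each MX layout and how many failed connections each one makes. The hostnames, preference values and the two single-try bot models are assumptions built from the behaviour the post describes.

```python
# Constructed sample data: example.com hostnames and MX preferences are made up.
LISTENING = {"mail1.example.com", "mail2.example.com"}  # hosts accepting port 25

BASELINE = [(10, "mail1.example.com"), (20, "mail2.example.com")]
STRATEGY_1 = BASELINE + [(90, "fake.example.com")]  # fake MX with the highest value
STRATEGY_2 = [(5, "fake.example.com")] + BASELINE   # fake MX with the lowest value


def compliant_mta(mx):
    """Standards-following sender: every MX host, lowest preference value first."""
    return [host for _, host in sorted(mx)]


def backup_first_bot(mx):
    """Assumed bot model: tries only the highest-valued MX and never retries."""
    return [max(mx)[1]]


def primary_only_bot(mx):
    """Assumed bot model: tries only the lowest-valued MX and never retries."""
    return [min(mx)[1]]


SENDERS = {
    "compliant_mta": compliant_mta,
    "backup_first_bot": backup_first_bot,
    "primary_only_bot": primary_only_bot,
}


def attempt(hosts, listening):
    """Try hosts in order; return (accepting host or None, failed connections)."""
    failed = 0
    for host in hosts:
        if host in listening:
            return host, failed
        failed += 1
    return None, failed


def outcome(mx, listening=LISTENING):
    """Map each sender model to its delivery result for one MX layout."""
    return {name: attempt(plan(mx), listening) for name, plan in SENDERS.items()}


if __name__ == "__main__":
    for label, mx in [("baseline", BASELINE), ("strategy 1", STRATEGY_1),
                      ("strategy 2", STRATEGY_2)]:
        print(label, outcome(mx))
```

In this model each layout stops only one of the two bot behaviours, and only the fake lowest MX adds a failed connection to every legitimate delivery.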