-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 At some point hitherto, Paul Iadonisi hath spake thusly: > What about secondary MX services? When a provider offers secondary MX, > as my home DSL provider does, it is now necessary that all mail received > for my domain on my provider's mail server be accepted for relaying and > queued until my machine comes back up.
Yup. > Obviously, this isn't a *wide open relay*, but it does allow relaying *from* > anywhere. And as the provider offers secondary MX to more and more domains, > the server may never be a truly wide open relay, but the effect might end > up being the same, or pretty close. Hardly. An ISP has a very finite number of customers. In general I suspect they don't handle secondary MX for the vast majority of their customers; they only do this for a subset of (usually business) customers that require this service. If your ISP is accepting mail on behalf of your domain, the mail would have been delivered to you anyway, directly, if your server was available. This is not the same as if someone were using their server to forward mail to thousands of users at random domains or at domains that your ISP does not serve. An open relay will allow them to send mail to ANYONE. Under the circumstances you describe, the spammer will receive a large number of bounces (even if some messages do get delivered), and will stop using that server. One point though: While I'm definitely against open relays, closing them up will not really eliminate the problem. All it will do is cause spammers to have their own Linux box running sendmail that will allow them to send their spam. Or become otherwise more resourceful. What eliminating open relays really does is make it easier to find out where the spam is really coming from, and go after the bastards that are sending it out. A possible alternative solution for small businesses is pay some Colo to house a back-up web/mail server, and not use your ISP for secondary MX at all. All but the poorest businesses should be able to afford such a service, and it's a good idea to have something like this from a disaster recovery perspective anyway... None of these defeat a spammer who uses their own mail server, or legitimately uses the mail server of their ISP. The mail will all be delivered to you directly, regardless of where your secondary MX is. - -- Derek Martin [EMAIL PROTECTED] - --------------------------------------------- I prefer mail encrypted with PGP/GPG! GnuPG Key ID: 0x81CFE75D Retrieve my public key at http://pgp.mit.edu Learn more about it at http://www.gnupg.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8i+emdjdlQoHP510RAgfMAKCfq0BLXsdQLcPFYB8yOLn1ofwsowCeMeqm 31B5hLBTfQLCkeyg3odxUCA= =6jMn -----END PGP SIGNATURE----- ***************************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *****************************************************************