Our back end MX is a sendmail server which has relay from MX disabled.
dnl FEATURE(relay_based_on_MX)dnl
Also RBL has been implemented.
FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"')
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://www.spamhaus.org"')
FEATURE(`dnsbl', `dnsbl.sorbs.net', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://dnsbl.sorbs.net"')
BUT
Still my backup email server (sendmail server) does not block the SPAM
IPs listed in the above RBLs (while the Gateway does!)
I am clueless.
What could be the problem?
regards
anil
On Thu, 2004-08-05 at 16:21, Varun Varma wrote:
> anil bindal wrote:
> > Thanks.
> >
> > Headers of SPAM emails show that emails are at times delivered directly
> > to our email server
> >
> > MX record for Email server is a must to act as back up in case of SMTP
> > gateway failure.
> >
> > Solution being used is from Symantec.
>
> <snip>
>
> Sending mails directly to the backup MXs, instead of the primary one, is
> a very popular way amongst spammers to avoid spam detection. The gist is
> that they know that this is a very common setup - primary MX has spam
> filtering and the backup MXs don't and, frequently, the primary MX
> accepts mails from the backup MXs blindly, i.e. they trust the backup
> MXs and don't filter mails from the backup MXs. Also, backup MXs
> generally don't check for the existence of user accounts [unless you
> have call forwards enabled] or quota limitations, so they accept any/all
> mails for a domain blindly.
>
> Spammers exploit this setup and send mails directly to the backup MXs.
>
> Solution: Run spam/anti-virus filtering on all publicly exposed MXs.
_______________________________________________
ilugd mailinglist -- [EMAIL PROTECTED]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi
http://www.mail-archive.com/[EMAIL PROTECTED]/
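
Added example, not part of the thread: a small Python check that performs the same DNS lookup the three `dnsbl` FEATURE lines above rely on, so it can be run on each MX host to see whether that host's resolver returns a listing for a source IP taken from the spam headers. The function names are this example's own; the `lookup` parameter exists only so the logic can be exercised without network access.

```python
import ipaddress
import socket

# Zones taken from the FEATURE(`dnsbl', ...) lines in the message above.
ZONES = ["bl.spamcop.net", "sbl-xbl.spamhaus.org", "dnsbl.sorbs.net"]


def dnsbl_name(client_ip, zone):
    """Build the query name: IPv4 octets reversed, then the zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def system_lookup(name):
    """Return the A records for name via the host's own resolver.

    Any resolver error (NXDOMAIN, timeout, no resolver) yields [], so a
    broken resolver on the MX host looks the same as "not listed".
    """
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(client_ip, zones=ZONES, lookup=system_lookup):
    """Map each zone to the 127.0.0.0/8 return codes it gives for client_ip.

    An empty list means "not listed". Answers outside 127.0.0.0/8 are
    dropped: they indicate a wildcarded or rewritten answer, not a listing.
    """
    loopback = ipaddress.ip_network("127.0.0.0/8")
    result = {}
    for zone in zones:
        answers = lookup(dnsbl_name(client_ip, zone))
        result[zone] = [a for a in answers if ipaddress.ip_address(a) in loopback]
    return result


if __name__ == "__main__":
    import sys
    # 127.0.0.2 is the conventional "always listed" test entry (RFC 5782).
    for ip in sys.argv[1:] or ["127.0.0.2"]:
        for zone, codes in check(ip).items():
            print(ip, zone, "LISTED " + ",".join(codes) if codes else "not listed")
```

Run with no arguments, it queries the 127.0.0.2 test entry; "not listed" for every zone on one MX host but not on another points at that host's DNS resolution and not at the sendmail configuration.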