Our back end MX is a sendmail server which has relay from MX disabled. dnl FEATURE(relay_based_on_MX)dnl
Also RBL has been implemented.. FEATURE(`dnsbl', `bl.spamcop.net', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://spamcop.net/bl.shtml"') FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://www.spamhaus.org"') FEATURE(`dnsbl', `dnsbl.sorbs.net', `"450 Mail from spam source " $`'&{client_addr} " refused - see http://dnsbl.sorbs.net"') BUT Still my backup email server ( sendmail server ) does not block the SPAM IPs listed in above RBLs..( while Gateway does !! ) I am clue less.. what could be the problem ?? regards anil On Thu, 2004-08-05 at 16:21, Varun Varma wrote: > anil bindal wrote: > > Thanks. > > > > Headers of SPAM emails show that emails are at times delivered directly > > to our email server > > > > MX record for Email server is must to act as back up in case of SMTP > > gateway failure. > > > > Solution being used is from Symantec. > > <snip> > > Sending mails directly to the backup MXs, instead of the primary one, is > a very popular way amongst spammers to avoid spam detection. The gist is > that they know that this is a very common setup - primary MX has spam > filtering and the backup MXs don't and, frequently, the primary MX > accepts mails from the backup MXs blindly, i.e. they trust the backup > MXs and don't filter mails from the backup MXs. Also, backup MXs > generally don't check for the existence of user accounts [unless you > have call forwards enabled] or quota limitations, so they accept any/all > mails for a domain blindly. > > Spammers exploit this setup and send mails directly to the backup MXs. > > Solution: Run spam/anti-virus filtering on all publically exposed MXs. _______________________________________________ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/