Hi Thuban,

On Sat, 2 Mar 2019 09:20:42 +0100 Thuban wrote:
> On the server with the highest priority (lower MX), I must set "-M
> nn.nn.nn.nn" where nn.nn.nn.nn is the IP of a lower priority MX?

Where nn.nn.nn.nn is the public IP of a fake backup MX server,
which *DOES* have an SMTP daemon running,
which 450/451 soft defers _ALL_ mail.

> If there is more than 1 backup MX (lower priority), does the -M
> flag can be called more than once?

Just once, e.g:

<hostmaster@palm:~ 0>$ dig Britvault.Co.UK MX +short
12 smtp.Britvault.Co.UK.                  <--- real primary MX
144 mx-backup.smtp.Britvault.Co.UK.       <--- real backup MX
666 highlisting.smtp.Britvault.Co.UK.     <--- fake backup MX

The fake's public IP address needs to be another IP address,
on a real MX machine (an alias or another network port).

This sort of fake DNS MX record is called highlisting.
(Works well with greylisting.)

Having a fake primary DNS MX record is called nolisting.
(Practically has to be on the real primary MX server.
Doesn't work great with greylisting.)

Greylisting is in between no & high listing.
But it doesn't need more DNS records, more public IP addresses,
a deferring daemon, nor TCP rejection on port 25.
Yet it does introduce delays.

There is also unlisting...

All these tricks reduce spam, and all have operational problems.

Nolisting + highlisting is a viable alternative to greylisting:

Primary MX only: 57% (DNSBL: 98%)
MX backup only: 20% (DNSBL: 90%)

Nolisting + multiple fake highlisters killed 98% of spam for this bloke:
http://blog.whitesites.com/Stop-Spam-with-fake-MX-records__633764658986714568_blog.htm

Some articles to read:-
http://wiki.apache.org/spamassassin/OtherTricks
http://wiki.junkemailfilter.com/index.php/Project_tarbaby
http://nolisting.org/
https://en.wikipedia.org/wiki/Nolisting
http://www.junkemailfilter.com/spam/how_it_works.html

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7