[email protected] said: > The problem occurs when a "foreign" client uses my backup MX relay machine. > This machine is part of my own network, so it gets included in the primary > server's $mynetworks (via 'mynetworks_style = subnet'). Unfortunately this > seems to cause my > smtpd_client_restrictions = permit_mynetworks, > check_client_access ...dspam... > to permit the message without triggering the dspam filter.
You need to duplicate the anti-spam filtering on any backup MXes. Another approach is to eliminate backup MXes. If your primary server is solid, a backup server on your own network doesn't cover any problems with the link to your ISP. Note that even if your primary server did filter mail from your backup server, that just gets you into the bounce vs reject mess. If your primary server rejects it, your secondary server can either drop it or send a bounce. If you don't send the bounce, the sender of legitimate mail doesn't know that it didn't work. If you do send the bounce, and the return address was forged (which is common on spam), the bounce will go to an innocent victim. Google for backscatter or outscatter. There are similar problems with mail forwarding. The forwarder needs to do good filtering and the catching site needs to white list the forwarding site and the user needs to tolerate the crap that gets through the forwarder's filter. -- These are my opinions. I hate spam.
