R: Q. about spam directed towards highest MX Record?
> | Just to clarify here You are talking about doing something like: > | > | domain.com 1200 IN MX 10 smtp-1.domain.com > | domain.com 1200 IN MX50 smtp-2.domain.com > | > | You all are saying that most of the spam should be coming in MX > 50 right? > | > | I have to admit I've tried this, but it seems like mail continues to > | come into the MX 50 even when the primary servers are available.Is > | it not correct that the 50 should NOT be tried until the 10 is > | unavailable? Or do I have that backwards? > > You have it right. Unfortunately, mail still hits the lowest > priority server based on my experience > even when the Primary is up and running. Are you using something like greylisting or maybe your primary is often under heavy load? giampaolo
R: Q. about spam directed towards highest MX Record?
> > We tried that and had problems with some clients (the business client > > not the mail client). Seems a lot of Exchange servers will try the > > lowest priority MX for some reason, and then never try the highest, just > > fail. > > > > With the current setup a valid message will eventually get through. > > > > DAve > > Isn't that how it is suppose to work? Try the lowest first? Yes, it is: MX 10 primary-mx.domain.tld has generally to be checked before falling back to: MX 20 secondary-mx.domain.tld Lowest number is highest priority. giampaolo
R: Q. about spam directed towards highest MX Record?
> > > You have it right. Unfortunately, mail still hits the > > lowest priority > > > server based on my experience even when the Primary is up > > and running. > > Or, even better, point it at an unused IP on your network. > (don't point it at 127.0.0.1, that will get you blacklisted in the > rfc-ignorant invalid mx list) > > That way, no bandwidth used except for a tcp syn every now and again. ... and spammers would have to wait for a tcp timeout before giving up there. :) giampaolo