On Mon, 2004-03-22 at 23:17, Michael Menefee wrote: > Just wondering if anyone else is seeing what I've been seeing for the past > few months. I have several customers running SA 2.63 on qmail.....for each > of them I have setup an individual qmail server that scans their inbound > email for spam and viruses. This box is setup in their MX records with a > priority of 10. I have a fallback box that all of my customers utilize with > an MX priority of 100. > > I have been closely monitoring the Spam statistics using sa-stats.pl...what > I'm seeing is that the dedicated boxes setup as the "primary" MX record is > catching on average about 80% of all inbound emails. The "secondary" box > (that is--the shared box with a priority of 100) is catching about 99.8% (if > not 100%) on a daily basis. These are valid spams begin caught as well. > > This just seems odd to me that the secondary MX record would receive a much > higher volume of spam and wondered of anyone else was seeing this and if > there was an explanation. BTW, for the 3 or so customers I'm referring to, I > process about 300,000 messages per day. The fallback box processes about > 70,000 per day, with about 68,000 or more being caught as SPAM > As others have pointed out, spammers are hoping your anti-spam defenses are weaker or non-existent on your secondaries.
For this reason, I've got a cronjob on my secondaries that checks to see that at least one of my primaries is up - if the primaries are responding, it drops a .cf file in the SA directory that adds a few points to every e-mail (since they're almost certainly spam). If the primaries are down, that .cf file is removed (and spamd is restarted, as needed). The theory is that I don't want to block stuff outright, as there will be a short delay before my secondaries notices that the primaries are down (or network problems could mean other senders can't see my primaries, even though my secondaries can). > > > Thanks, > Mike > > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.634 / Virus Database: 406 - Release Date: 3/18/2004 > >
