David, this is common problem for all who using secondary mail servers. Secondary mail server must use same way to detect spam or you will get, with 99% probablity, spamed thru secondary servers. SPAMers just exploit what MX records for your domain allows by RFC definition. No one is pushed to use only server with lowest MX. You can send mail to any server listed in MX records for your domain to comply with RFC.
I had simimilar problem with few companies and if they want effectively fight with SPAM they must use same protection on all servers listed in MX records. You have two options: 1) protect all servers listed in MX records 2) delete MX records for servers where you can't protect your domain against SPAM Spamdyke couldn't help you with mail comming from your secondary servers listed in MX, because these servers will be always valid. Most spammers when get reject on one MX record do try another MX record in list. Eduard Švarc DATA Intertech s.r.o. Kladenská 46 160 00 Praha 6 Czech Republic tel. +420-235365267, fax +420-235361446 spamdyke-users-boun...@spamdyke.org wrote on 10.09.2009 11:53:58: > Hi Christpoh, > > first of all it looks for me like the DENIED_OTHER came from your > qmail caused by a non-existing box. > Spamdyke didn't recognize any problems in rdns, ip or mx. So the > mail was allowed. I think the only way > is to blacklist that server. > > Am 09.09.2009 um 18:03 schrieb Christoph Kuhle ((Expat Email Ltd)): > > Can anyone help? I have an email that was rejected first, and then > accepted twice, all from the same IP address. Is there a reason > someone can explain for why this is happening, or what I can do to > capture even more Spam!? The maillog extracts are as follows: > > Sep 9 04:26:24 plesk2 relaylock: /var/qmail/bin/relaylock: mail > from 217.23.1.32:51669 (pride.hardc0re.org) > Sep 9 04:26:33 plesk2 spamdyke[3605]: DENIED_OTHER from: > nob...@pride.hardc0re.org to: sa...@domain.com origin_ip: 217.23.1. > 32 origin_rdns: pride.hardc0re.org auth: (unknown) > Sep 9 14:47:04 plesk2 relaylock: /var/qmail/bin/relaylock: mail > from 217.23.1.32:33361 (pride.hardc0re.org) > Sep 9 14:47:09 plesk2 spamdyke[15524]: ALLOWED from: nob...@pride. > hardc0re.org to: supp...@domain.com origin_ip: 217.23.1.32 > origin_rdns: pride.hardc0re.org auth: (unknown) > Sep 9 16:00:25 plesk2 relaylock: /var/qmail/bin/relaylock: mail > from 217.23.1.32:54080 (pride.hardc0re.org) > Sep 9 16:00:30 plesk2 spamdyke[25305]: ALLOWED from: nob...@pride. > hardc0re.org to: i...@domain.com origin_ip: 217.23.1.32 origin_rdns: > pride.hardc0re.org auth: (unknown) > > I also think that a lot of emails are getting through because they > come from a secondary mail server and we have been told that > Spammers often choose the lowest priority MX record and send to > that. This then passes the checks which is frustrating (because the > IP address that shows is that of the secondary mail server which > clearly exists). I wonder whether there is any way to prevent this? > > > David Stiller > Technischer Support > Neues von Blackbit: aktuelle Projekte und Wissenswertes aus > unserer Werbeagentur unter http://www.blackbit.de/tagebuch > > Blackbit neue Medien GmbH > Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen > > Tel.: +49-551-50675-60 - Fax: +49-551-50675-20 > E-Mail: david.stil...@blackbit.de ? Hotline: hi...@blackbit.de > > Amtsgericht Göttingen: HRB 3222 > USt-IdNr.: DE 813114917 > Geschäftsführer: Herr Stefano Viani > > [image removed] > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users