Hadn't thought of that - makes perfect sense. I'm still planning to add whitelisting, but in cases like this it seems like it would be a good idea to only whitelist your secondary if 1) you control it, and/or 2) you know that TarProxy (or something similar) is already running on it.
If you're running the same configuration at your primary and secondary (and tertiary) MXes, then whether or not you even need whitelisting is a result of the design of your mail system. However, there is a good chance that you may need to be able to whitelist your backup MXes -- just make sure that they're properly configured.
If your secondary is at, say, your ISP, running TarProxy against it might provide your ISP some incentive to take measures at the SMTP level or lower as well.
You'd be DoS-ing yourself and all the other customers of that ISP, because you'd be causing slowdowns and backlogs of their servers, while the spammers get off scott-free.
I'm not certain what the ISP will be able to do, though, as I would be surprised if TarProxy is appropriate for ISPs until its had some time to mature and undergo performance tweaking.
They wouldn't be able to do much, that's for sure. In this respect, you need to get a lot of work done on TarProxy and make it suitable for use in Enterprise/ISP environments ASAP, because otherwise people are going to be hurting themselves (and all the other customers of the same ISP), when they go to implement this tool.
-- Brad Knowles, <[EMAIL PROTECTED]>
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-Benjamin Franklin, Historical Review of Pennsylvania.GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) ---- : The tarproxy-list mailing list is archived at : http://www.mail-archive.com/tarproxy-list%40martiansoftware.com/ : : To unsubscribe from this list, follow the instructions at : http://www.martiansoftware.com/contact.html : : TarProxy's project page can be found at : http://www.martiansoftware.com/tarproxy
