Kelson wrote:
> Larry Starr wrote:
>> On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
>>> there are many setups where
>>> the ISP or someone else runs a backup MX for his
>>> customer's domains as a service. With this configuration,
>>> the secondary MX will usually not know about valid users
>>> in the destination domain.
>>
>> That, in fact, is the setup that I am operating and, yes, most of
>> what comes through my secondary MX, at my ISP, is SPAM. Some time
>> ago I implemented a rule that adds a (small) spam score for mail
>> received via my secondary MX.
>
> I'm on the flip side of that: we provide secondary MX services for
> some of our customers, and I've started adding a small bonus score
> for mail being sent *to* them through our server. I've also added
> meta-rules to treat certain rules more harshly.
>
> The really annoying thing, from our standpoint, is the backscatter we
> have to process:
>
> 1. Spammer sends to secondary MX (us).
> 2. We filter out some of the more obvious spam (for the most part
> using our regular criteria).
> 3. We relay what's left to the primary MX.
> 4. Primary MX rejects mail to nonexistant users and mail that trips
> their own spam filters.
> 5. We generate DSNs that go to third parties or nonexistant hosts,
> contributing to backscatter and cluttering up our outbound queue.
>
> The backscatter becomes a real problem in the legitimate relay
> situation, because it's basically unavoidable. If the spam is sent
> directly to you, you can accept it, discard it, or reject it, and it
> stops. But if you're relaying to someone, and *they* reject it, now
> you have to decide whether to generate a DSN or not. We've actually
> set up a separate queue for bounces that aren't delivered
> immediately, so that it won't bog down normal mail.
Two solutions occur to me:
1) Allow a way for the secondary MX to tell whether the primary MX is "up" - if
it is, don't accept any connections
2) Allow a way for the secondary MX to tell what email addresses on the primary
MX are valid (LDAP occurs to me)
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
