mouss wrote:
Richard Frovarp wrote:

We do something like nolisting. You will lose legit mail no matter which trick you use. So it's best if you have a method of fixing that. Our first mx record is a real smtp server, it's just firewalled off to most of the world. It's used as a fast lane for our internal networks so they aren't slowed down by spam attacks. If we run into a legit server having issues (and there will be, don't let anyone else fool you into thinking there won't be), we can just open up the firewall to their SMTP and problem is solved.

I don't use anything like that. I just tried to post the pointer while avoiding getting into a "hot" debate. My opinion is that the MX retry strategy is not very clearly defined/implemented, so there is always a risk of losing mail. On the other hand, it is not hard for a bot owner to use N clients to get around whatever combination of MX games you play. I am not saying that fake MXes do not work today. I am just not sure they don't require some amount of work (constantly watch for possible FPs...). Things like "I have not seen a single FP" are useless without justification (what methods are used to show that there are "no" FPs).

I completely agree with you. I have no idea what effect our solution is having on spam. I know that our internal mail isn't slowed down by large influxes of spam as they can't get to the server that processes internal mail, which was the goal of our system. I know for a fact we've rejected legit mail because of our solution. Since my solution allows for the opening of the "fake" MX to legit systems having issues, the problems are reduced, but certainly not eliminated. Our FP detection method is waiting for someone to call up and complain.
