Richard Frovarp wrote:
> mouss wrote:
> > Richard Frovarp wrote:
> > > We do something like nolisting. You will lose legit mail no matter
> > > which trick you use. So it's best if you have a method of fixing
> > > that. Our first mx record is a real smtp server, it's just
> > > firewalled off to most of the world. It's used as a fast lane for
> > > our internal networks so they aren't slowed down by spam attacks.
> > > If we run into a legit server having issues (and there will be,
> > > don't let anyone else fool you into thinking there won't be), we
> > > can just open up the firewall to their SMTP and problem is solved.
> > 
> > I don't use anything like that. I just tried to post the pointer
> > while avoiding getting into a "hot" debate. my opinion is that the
> > MX retry strategy is not very clearly defined/implemented, so there
> > is always a risk of losing mail. on the other hand, it is not hard
> > for a bot owner to use N clients to get around whatever combination
> > of MX games you play. I am not saying that fake MXes do not work
> > today. I am just not sure they don't require some amount of work
> > (constantly watch for possible FPs...). things like "I have not seen
> > a single FP" are useless without justification (what methods are
> > used to show that there are "no" FPs). 
> > 
> I completely agree with you. I have no idea what effect our solution
> is having on spam. I know that our internal mail isn't slowed down by
> large influxes of spam as they can't get to the server that processes
> internal mail, which was the goal of our system. I know for a fact
> we've rejected legit mail because of our solution. Since my solution
> allows for the opening of the "fake" MX to legit systems having
> issues, the problems are reduced, but certainly not eliminated. Our
> FP detection method is waiting for someone to call up and complain.

How many systems have you had to allow through the firewall due to mail
problems so far?

-- 
Bowie
