From: Matthew Seaman
Date: Sat, 06 Mar 2010 09:36:07 +0000
To: Ian Smith
Cc: freebsd-questions@freebsd.org, "Randal L. Schwartz"
Subject: Re: Thousands of ssh probes
Message-ID: <4B922207.3090404@infracaninophile.co.uk>

On 06/03/2010 06:33:53, Ian Smith wrote:
> In freebsd-questions Digest, Vol 300, Issue 10, Message: 6
> On Fri, 05 Mar 2010 16:07:29 +0000 Matthew Seaman wrote:
> > On 05/03/2010 15:51:52, Randal L. Schwartz wrote:
> > > The spamtrap is a shiny object for spam, and anything that goes there gets
> > > blocked for an hour from hitting the low port. I presented this at a
> > > conference once.
> >
> > Having an IPv6-only high-mx seems to terminally confuse most spambots...
>
> I understand why IPv6 would confuse them, but don't follow why higher
> numbered MXs would be more attractive to them in the first place?
>
> Are they assuming a 'secondary' MX will be more likely to accept spam?

Yes. Generally a high-numbered MX is more trusted than the
run-of-the-mill internet by the actual mail server (lowest numbered
MX)[*], so forwarding between MXes tends to bypass chunks of anti-spam
protection. The high-numbered MX itself is usually a pretty low
importance system at a location remote from all the rest of the mail
servers, so it tends to have less effective anti-spam protection. Thus
spammers ignore the normal MX priority rules and just attempt to inject
spam through the highest numbered MX, because it is more likely to get
through.

On the whole, I don't see the value in having a high-numbered MX to
dumbly accept, queue and forward messages like this. It doesn't really
add any resilience: the SMTP protocol is intrinsically all about store
and forward, and if a message cannot be delivered immediately, the
sending side will keep it in a queue for up to 5 days anyhow.
Low priority MXes make some sense for load shedding, but realistically
as part of a cluster of servers at one site. If you want resilience
against network outages, then you're going to have to provide a
resilient solution for /reading/ the e-mails too, and that's a whole
different ball game.

        Cheers,

        Matthew

[*] Even if the low-priority MXes are treated as untrusted, you've still
got the whole backscatter problem to consider.

--
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
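
The behaviour described in the message above (senders that ignore MX priority and go straight to the highest-numbered MX) can be looked for in connection logs. The following is an added example, not part of the original post: the log format, the host names mx1.example.org and mx2.example.org, and the thresholds are all constructed assumptions, and the check is only meaningful for periods when the primary MX was reachable.

```python
"""Flag SMTP clients that skip the primary MX and connect straight to the backup MX."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "<ISO timestamp> <mx host> connect from <client ip>".
# Host names and addresses are documentation values, not taken from the thread.
SAMPLE_LOG = """\
2010-03-06T09:00:01 mx1.example.org connect from 192.0.2.10
2010-03-06T09:00:05 mx2.example.org connect from 198.51.100.7
2010-03-06T09:01:12 mx2.example.org connect from 198.51.100.7
2010-03-06T09:02:30 mx1.example.org connect from 203.0.113.5
2010-03-06T09:02:41 mx2.example.org connect from 203.0.113.5
2010-03-06T09:03:00 mx2.example.org connect from 198.51.100.99
"""


def parse(log):
    """Yield (timestamp, mx_host, client_ip) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2:4] == ["connect", "from"]:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[4]


def mx_skippers(log, primary, backup, window=timedelta(minutes=10), min_hits=2):
    """Return {client: hits} for clients seen on `backup` at least `min_hits`
    times with no attempt on `primary` during the preceding `window`.

    A sender that follows MX priority tries the primary first, so its backup
    connection is preceded by a primary one (a normal fallback, not counted).
    """
    last_primary = {}            # client -> time of latest attempt on the primary
    skipped = defaultdict(int)   # client -> backup connections with no prior attempt
    for ts, mx, client in sorted(parse(log)):
        if mx == primary:
            last_primary[client] = ts
        elif mx == backup:
            seen = last_primary.get(client)
            if seen is None or ts - seen > window:
                skipped[client] += 1
    return {c: n for c, n in skipped.items() if n >= min_hits}


if __name__ == "__main__":
    for client, hits in mx_skippers(SAMPLE_LOG, "mx1.example.org", "mx2.example.org").items():
        print(f"{client}: {hits} backup-MX connections without trying the primary")
```

Clients flagged this way are candidates for stricter filtering or greylisting on the backup MX; a single hit is left out by default because it can be a legitimate sender whose attempt on the primary failed before it was logged.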