Date: Mon, 23 Jun 2003 10:14:34 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Brett Glass <brett@lariat.org>
Cc: questions@freebsd.org
Subject: Re: Eliminating "noise" from secondary MX
Message-ID: <20030623151433.GB48420@dan.emsphone.com>
In-Reply-To: <4.3.2.7.2.20030623083909.02be3c50@localhost>
References: <4.3.2.7.2.20030623083909.02be3c50@localhost>

In the last episode (Jun 23), Brett Glass said:
> Here's more detail. A spammer sends to a nonexistent address in a
> domain for which the host is a secondary mail exchanger. Many
> spammers' software is actually set up to use secondary mail
> exchangers rather than primaries, because they're less likely to have
> effective antispam software running. (Even if they use public
> blacklists, they rarely use a blacklist or whitelist provided by the
> domain for which they're a secondary.)
>
> The secondary mail exchanger tries to send the message on to its
> destination, but the mail is bounced by the primary mail host (either
> as spam or because it has been sent to an invalid address). So, the
> secondary dutifully tries to notify the sender that the message
> didn't get through.
>
> Of course, the "From:" and "Reply-to:" headers of the spam contain
> either a completely bogus address or one that has quickly been shut
> down due to spamming. So, the host, not knowing what else to do,
> sends a notice to Postmaster, saying that the notice to the sender
> could not be delivered.
>
> What's the easiest way to suppress this resource-consuming, mailbox
> clogging chain reaction?

I make sure my secondary MX has the same filtering setup as the
primary, and set it up so email from one MX to the other isn't checked
again.

You can set spamassassin up so it uses a SQL backend for its user rules
which makes it easy for multiple machines to filter mail the same way.
I've never done this, though, so I don't know how easy it is to make it
work when you're secondarying for multiple domains.

You could always make the secondary run with much tighter spam checks
than the primaries, as a penalty for spammers that try it first :)

-- 
	Dan Nelson
	dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030623151433.GB48420>