From: Dan Nelson
To: Brett Glass
cc: questions@freebsd.org
Date: Mon, 23 Jun 2003 10:14:34 -0500
Subject: Re: Eliminating "noise" from secondary MX
Message-ID: <20030623151433.GB48420@dan.emsphone.com>
In-Reply-To: <4.3.2.7.2.20030623083909.02be3c50@localhost>
References: <4.3.2.7.2.20030623083909.02be3c50@localhost>

In the last episode (Jun 23), Brett Glass said:
> Here's more detail. A spammer sends to a nonexistent address in a
> domain for which the host is a secondary mail exchanger. Many
> spammers' software is actually set up to use secondary mail
> exchangers rather than primaries, because they're less likely to have
> effective antispam software running. (Even if they use public
> blacklists, they rarely use a blacklist or whitelist provided by the
> domain for which they're a secondary.)
>
> The secondary mail exchanger tries to send the message on to its
> destination, but the mail is bounced by the primary mail host (either
> as spam or because it has been sent to an invalid address). So, the
> secondary dutifully tries to notify the sender that the message
> didn't get through.
>
> Of course, the "From:" and "Reply-to:" headers of the spam contain
> either a completely bogus address or one that has quickly been shut
> down due to spamming. So, the host, not knowing what else to do,
> sends a notice to Postmaster, saying that the notice to the sender
> could not be delivered.
>
> What's the easiest way to suppress this resource-consuming, mailbox
> clogging chain reaction?

I make sure my secondary MX has the same filtering setup as the
primary, and set it up so email from one MX to the other isn't checked
again. You can set spamassassin up so it uses a SQL backend for its
user rules which makes it easy for multiple machines to filter mail the
same way. I've never done this, though, so I don't know how easy it is
to make it work when you're secondarying for multiple domains.

You could always make the secondary run with much tighter spam checks
than the primaries, as a penalty for spammers that try it first :)

-- 
	Dan Nelson
	dnelson@allantgroup.com
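
The bounce chain from the quoted question and the setup from the reply, as a toy Python model (an added example, not part of the original message and not real MTA configuration). The addresses, the rejects() policy and the MX class are constructed for illustration; 550 and 250 are the SMTP reject and accept reply codes.

```python
from dataclasses import dataclass, field

VALID_RCPTS = {"alice@example.org"}   # constructed recipient list
DEAD_SENDERS = {"x@spam.invalid"}     # constructed forged/closed sender

def rejects(msg):
    """Shared policy stand-in: unknown recipient or spammy body."""
    return msg["rcpt"] not in VALID_RCPTS or "buy now" in msg["body"].lower()

@dataclass
class MX:
    ip: str
    filtering: bool
    trusted_peers: set = field(default_factory=set)
    primary: "MX | None" = None       # set on the secondary only
    scans: int = 0
    postmaster: list = field(default_factory=list)

    def receive(self, msg, peer_ip):
        """Handle one SMTP delivery attempt; return the reply code."""
        if self.filtering and peer_ip not in self.trusted_peers:
            self.scans += 1
            if rejects(msg):
                return 550            # refused in-session: peer owns the failure
        if self.primary is not None:  # secondary: queue, then relay
            if self.primary.receive(msg, self.ip) == 550:
                self.bounce(msg)      # we accepted it, so we must send the DSN
        return 250

    def bounce(self, msg):
        if msg["sender"] in DEAD_SENDERS:   # DSN undeliverable -> double bounce
            self.postmaster.append(f"undeliverable bounce to {msg['sender']}")

def run(secondary_filters):
    """Deliver one constructed spam and one legitimate message via the secondary."""
    pri = MX("192.0.2.10", filtering=True)
    sec = MX("192.0.2.20", filtering=secondary_filters, primary=pri)
    if secondary_filters:             # same policy on both, so skip the re-check
        pri.trusted_peers.add(sec.ip)
    spam = {"sender": "x@spam.invalid", "rcpt": "nobody@example.org", "body": "BUY NOW"}
    ham = {"sender": "bob@example.net", "rcpt": "alice@example.org", "body": "lunch?"}
    replies = [sec.receive(m, "203.0.113.5") for m in (spam, ham)]
    return replies, len(sec.postmaster), pri.scans, sec.scans
```

run() returns the replies seen by the sending client, the number of postmaster notices on the secondary, and how many messages each MX scanned.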