Date:      Wed, 11 Jan 2017 20:05:49 -0800
From:      Kurt Buff <kurt.buff@gmail.com>
To:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject:   Re: spamassassin not lethal anymore
Message-ID:  <CADy1Ce4q5WmubxzUymOCLttpO56vcVK8h%2BA%2BdUyTur8q8iZNAA@mail.gmail.com>
In-Reply-To: <cde3f2ed-7b2d-8907-c7f7-f137e4d5a96d@pinyon.org>
References:  <2463a238-e10f-e81d-cab1-5a7eaf774590@pinyon.org> <20170111210507.2dc39818c6e9d439abb21ee6@sohara.org> <8016faa3-5af4-6c2d-acdf-9b02f7f1afc8@pinyon.org> <CADy1Ce5Q5cvhb5SKS8QzN_yFQnhCYu12dZVDup_ipw-o3%2Bw_vg@mail.gmail.com> <cde3f2ed-7b2d-8907-c7f7-f137e4d5a96d@pinyon.org>

On Wed, Jan 11, 2017 at 5:34 PM, Russell L. Carter <rcarter@pinyon.org> wrote:
> On 01/11/17 17:24, Kurt Buff wrote:
>>
>> Snippety snip...
>>
>> On Wed, Jan 11, 2017 at 4:13 PM, Russell L. Carter <rcarter@pinyon.org> wrote:
>>>
>>> On 01/11/17 14:05, Steve O'Hara-Smith wrote:
>>>>
>>>>
>>>> On Wed, 11 Jan 2017 13:45:47 -0700
>>>> "Russell L. Carter" <rcarter@pinyon.org> wrote:
>>>> most of it botnet sourced. I've pretty much eliminated it now by a
>>>> combination of installing dcc and razor plugins to spamassassin (reduced
>>>> the spam getting through by 70% or so) and adding a backup MX with a free
>>>> service that only accepts messages to relay when the primary is down (it's
>>>> amazing how much spam stopped coming in when I did that).
>>>>
>>>
>>> I'm not sure what you mean here, can you elaborate a bit more?  I can
>>> do anything I like with my MX hosts so I'm game.  I *think* I'm
>>> already doing that. I have multiple domains, and so I have a primary
>>> MX and a couple of backup MX hosts (one of which is effectively a
>>> passive dovecot replicator, lordy that works fantastic).  The backup
>>> MX hosts are lower priority than the primary.  Are you doing something
>>> different?
>>
>>
>> A secondary MX that refuses mail when the primary is up and running
>> foils one of the favorite tactics of spammers - they will often target
>> the secondary MX because those are often not as up to date with
>> anti-spam measures. Most spambots try one MX, one time only.
>>
>> Many spambots will try that secondary MX, get refused with a 4xx
>> error, and not bother to try the primary MX at all.
>>
>> It can be a big win, in the right situation.
>
>
> Ah.  Awesome.  How do I do that?
>
> Russell


As Steve O'Hara-Smith wrote, there are free services that can do that.
Perhaps he can mention which one he uses.

But, if you have a spare public IP address, I suppose you could set up
another MX with postfix and have it respond to all inbound with a 4xx.

Greylisting, as someone else mentioned, is probably a really good
alternative - that responds with a temp fail message, and again most
spambots won't try again.


Kurt
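
The delivery logic discussed in this thread, modelled as a small simulation. This is an added example, not part of the original message: the host names, preference values and the two simplified sender behaviours are assumptions made for illustration.

```python
# Added example: models the MX behaviour described in the thread.
# Host names, preferences and sender models are constructed assumptions.
from dataclasses import dataclass

ACCEPT, TEMPFAIL, DOWN = "250", "450", "down"

@dataclass(frozen=True)
class MX:
    preference: int   # lower number is tried first by compliant senders
    host: str
    behaviour: str    # ACCEPT, TEMPFAIL (always 4xx) or DOWN (unreachable)

def compliant_mta(mx_records):
    """Standards-following sender: walk the MX hosts in preference order,
    move on after a 4xx or a dead host, and keep the message queued for a
    later retry if no host accepts it."""
    for mx in sorted(mx_records, key=lambda m: m.preference):
        if mx.behaviour == ACCEPT:
            return ("delivered", mx.host)
    return ("queued-for-retry", None)

def one_shot_spambot(mx_records):
    """Sender as described in the thread: targets the backup MX (highest
    preference number), tries once, never retries or falls back."""
    target = max(mx_records, key=lambda m: m.preference)
    if target.behaviour == ACCEPT:
        return ("delivered", target.host)
    return ("dropped", target.host)

def conditional_backup(primary_up):
    """Backup that relays only while the primary is down, 4xx otherwise."""
    return TEMPFAIL if primary_up else ACCEPT

def scenario(primary_up, backup_behaviour):
    return [
        MX(10, "mx1.example.org", ACCEPT if primary_up else DOWN),
        MX(20, "mx2.example.org", backup_behaviour),
    ]

if __name__ == "__main__":
    cases = {
        "ordinary backup, primary up": scenario(True, ACCEPT),
        "always-4xx backup, primary up": scenario(True, TEMPFAIL),
        "always-4xx backup, primary down": scenario(False, TEMPFAIL),
        "conditional backup, primary down": scenario(False, conditional_backup(False)),
    }
    for name, records in cases.items():
        print(f"{name:34} legit={compliant_mta(records)} bot={one_shot_spambot(records)}")
```

With the always-4xx backup and the primary down, legitimate mail stays in the sending server's queue until the primary returns, so that variant gives up the buffering an ordinary or conditional backup MX provides.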


