Date: Fri, 13 Jan 2017 09:05:46 -0500
From: "James B. Byrne" <byrnejb@harte-lyne.ca>
To: galtsev@kicp.uchicago.edu
Cc: freebsd-questions@freebsd.org
Subject: Re: spamassassin not lethal anymore
Message-ID: <2ad6c8d4892981f0123799f6789206cd.squirrel@webmail.harte-lyne.ca>
In-Reply-To: <34435.128.135.52.6.1484263940.squirrel@cosmo.uchicago.edu>
References: <mailman.128.1484222402.46410.freebsd-questions@freebsd.org> <23452361f18e06fccb64293d30f1b6eb.squirrel@webmail.harte-lyne.ca> <34435.128.135.52.6.1484263940.squirrel@cosmo.uchicago.edu>

On Thu, January 12, 2017 18:32, Valeri Galtsev wrote:
>
> I have one question and one comment to your suggestion.
>
> Question: why spammers would go to your lower priority MX
> instead of first going to your primary MX? Is that because
> on primary and only on primary you have greylisting? Why
> not to have greylisting on all MX serving your
> domain then? I'm in darkness about the logic behind doing it.
>

The purpose of diverting spam noise to non-existent hosts is to lower
the load on actual MX machines. It was noted by anti-spam advocates
that in a significant number of cases spambot programs were targeting
lower (lowest actually) priority MX services from the outset. The
motivation for this behaviour is uncertain. Hypothetically it might be
that spammers believe that secondary MX systems are frequently not as
well protected as the primary. Whatever the cause the effect was
noted.

Since most spam programs do not implement the SMTP particularly well
it is believed that by stone-walling the first connection attempt from
such scripts they would simply go on to their next target domain.

Last year we were under a considerable assault from spam and I was
given this idea from the SpamAssassin list. I may also have had it
mentioned to me on the Postfix list but I cannot be certain. In any
case, after implementing this we were able to detect a measurable drop
in connection attempts to our actual MX services.

All of our 'real' MX hosts are protected with exactly the same tools,
including Postgrey and SpamAssassin with Amavis-new, and all are
configured to the same degree of hardening. However, a packet not
handled is a cycle saved for some useful work and diverting any amount
of bogus traffic to a non-listening port works for us.

--
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
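
An added example, not part of the original message or the author's configuration: a Python check that an MX set matches the layout the message describes, read here as the lowest-priority MX naming a host with nothing listening on port 25 while every real MX accepts connections. The `example.com` names, the `MX` tuple and `audit_decoy_layout` are hypothetical, and the sample records are constructed.

```python
from __future__ import annotations
import socket
from typing import Callable, NamedTuple

class MX(NamedTuple):
    preference: int  # lower number = tried first by a compliant sender
    host: str

# Constructed sample records; names are placeholders, not from the message.
SAMPLE = [MX(10, "mx1.example.com"), MX(20, "mx2.example.com"),
          MX(90, "decoy.example.com")]
SAMPLE_DECOYS = {"decoy.example.com"}

def tcp25_open(host: str, timeout: float = 5.0) -> bool:
    """Live probe: True if the host accepts a TCP connection on port 25."""
    try:
        with socket.create_connection((host, 25), timeout=timeout):
            return True
    except OSError:
        return False

def audit_decoy_layout(records: list[MX], decoys: set[str],
                       probe: Callable[[str], bool] = tcp25_open) -> list[str]:
    """Return the problems found; an empty list means the layout is as intended."""
    problems = []
    ordered = sorted(records)  # by preference, then host name
    if all(mx.host in decoys for mx in ordered):
        problems.append("no real MX: legitimate mail cannot be delivered")
    # Assumption: the decoy must be the last-resort (highest-numbered) entry.
    if ordered and ordered[-1].host not in decoys:
        problems.append(f"lowest-priority MX {ordered[-1].host} is not a decoy")
    for mx in ordered:
        listening = probe(mx.host)
        if mx.host in decoys and listening:
            problems.append(f"decoy {mx.host} accepts SMTP connections")
        elif mx.host not in decoys and not listening:
            problems.append(f"real MX {mx.host} is not reachable on port 25")
    return problems

if __name__ == "__main__":
    # Offline demo: a stub probe stands in for the network check.
    stub = lambda host: host not in SAMPLE_DECOYS
    print(audit_decoy_layout(SAMPLE, SAMPLE_DECOYS, probe=stub) or "layout OK")
```

With the default `tcp25_open` probe, run the check from a host outside your own network, since a firewall may answer internal and external clients differently.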