[Exim] RE: spammers and secondary MX, was Re: ECLEAR_SERVER …

Author: Patrick Starrenburg
Date:  
To: exim-users
Subject: [Exim] RE: spammers and secondary MX, was Re: ECLEAR_SERVER message
On Sun, 22 Jun 2003 21:24:07 GMT, Michael Bordignon
<michael.b@???> wrote:

>> And yet another pattern of behaviour are those which go and try our
>> backup MX first, without showing any sign of having tried the primary
>> beforehand. This happens frequently enough for me to suspect that
>> some spammers do it deliberately.
>
> That's EXACTLY the problem I'm having! I was starting to think it was a
> connectivity problem on our end, but now that someone else has
> experienced this, I can't help but think it is deliberate..


It is deliberate unfortunately. The spammers figure on this :-

1) quite likely the backup mail server will belong to an ISP, and therefore
won't have all the anti-spam blocks on it that companies/people
laboriously set up themselves
2) the backup mail server will quite likely be trusted by the primary, maybe
even using SMTP auth to connect, so it goes straight in

so they try to get a sneaky back door into your domain.

Have a look at 'Common spammer attack methods' at
http://projects.puremagic.com/greylisting/; it was mentioned in the discussion
on 'greylisting' on the list earlier.

This is why we are setting up our own backup MXs for our company.

PS
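
Added example, not part of the message above: one way to check your own logs for the backup-first pattern discussed in this thread, by flagging client IPs whose mail the backup MX accepted with no contact at the primary shortly before. The log lines are constructed in the general shape of Exim main-log entries, and the function names, the 30-minute window and the outage list are assumptions of this sketch.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Timestamp at line start, then the first bracketed client address (H=... [ip]).
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[([0-9A-Fa-f.:]+)\]")

def contacts(log_lines, only_arrivals=False):
    """Yield (time, client_ip) for each log line that names a remote host."""
    for line in log_lines:
        if only_arrivals and " <= " not in line:
            continue  # keep only message arrivals, skip "=>" deliveries etc.
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)

def backup_first(primary_log, backup_log, window=timedelta(minutes=30), outages=()):
    """Per client IP, count messages the backup MX accepted with no contact at
    the primary in the preceding window. Arrivals inside a known primary outage
    (start, end) are skipped, since falling back to the backup is normal then."""
    seen = {}
    for when, ip in contacts(primary_log):
        seen.setdefault(ip, []).append(when)
    flagged = Counter()
    for when, ip in contacts(backup_log, only_arrivals=True):
        if any(start <= when <= end for start, end in outages):
            continue
        if not any(when - window <= t <= when for t in seen.get(ip, ())):
            flagged[ip] += 1
    return flagged

# Constructed sample lines (documentation addresses), not real traffic.
PRIMARY_LOG = [
    "2003-06-22 21:10:02 H=mx.example.net [192.0.2.10] F=<a@example.net> temporarily rejected RCPT <user@example.com>",
]
BACKUP_LOG = [
    "2003-06-22 21:12:40 19UBjK-0003Xy-00 <= a@example.net H=mx.example.net [192.0.2.10] P=esmtp S=1820",
    "2003-06-22 21:12:41 19UBjK-0003Xy-00 => user@example.com R=dnslookup T=remote_smtp H=mail.example.com [192.0.2.1]",
    "2003-06-22 21:24:07 19UBuP-0003Zq-00 <= x@example.org H=(localhost) [198.51.100.77] P=smtp S=4102",
    "2003-06-22 21:24:09 19UBuR-0003Zs-00 <= y@example.org H=(localhost) [198.51.100.77] P=smtp S=4088",
    "2003-06-22 23:05:00 19UDTk-0004Ab-00 <= b@example.net H=relay.example.net [203.0.113.5] P=esmtp S=900",
]
OUTAGE = (datetime(2003, 6, 22, 23, 0), datetime(2003, 6, 22, 23, 30))

if __name__ == "__main__":
    print(backup_first(PRIMARY_LOG, BACKUP_LOG, outages=[OUTAGE]))
```

A sender that was deferred or rejected at the primary and then retried the backup is not flagged, which is why every primary log line naming the host counts as contact, not only accepted messages.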