[Exim] pri/sec MX on same machine to catch spam

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Wakko Warner
Datum:  
To: exim-users
Betreff: [Exim] pri/sec MX on same machine to catch spam
This idea hit me the other day.

This would only work if you have 2 IPs. Here's what I came up with.

A messages (non-spam) comes into the primary. The primary adds the host (or
host/sender) to a database and returns 4xx codes to every rcpt. Properly
configured mailservers are supposed to try the secondary. So the same
message goes to the secondary. If the host (or host/sender) has already
been seen by the primary, accept it (and possibly mark it so that the
primary will accept it).

Some spammers will hit the primary once and never try again. Since the host
hasn't been seen before, the message won't come through. Some spammers will
only hit the secondary server. If they do, the secondary will check the DB
and if it hasn't seen this host, assume it's a spam and blacklist.

Just remember, in the above, the primary and secondary are on the same
machine with multiple IPs. This would also work if it was on 2 different
machines as long as they can share info in realtime and not go down.

Of course, this won't work for RFC compliant MTAs that are open relays.

Thoughts?

--
Lab tests show that use of micro$oft causes cancer in lab animals