Re: [Exim] pri/sec MX on same machine to catch spam

Góra strony
Delete this message
Reply to this message
Autor: Wakko Warner
Data:  
Dla: jvanasco
CC: exim-users
Temat: Re: [Exim] pri/sec MX on same machine to catch spam
> one of the guys in my office has a _very_ public email address. you
> wouldn't believe the amount of spam he gets
>
> i've got sa-exim compiled in, and its rejecting spams 30 or above
>
> when i tail the rejectlog occasionally, i'm amazed at some of the
> redundancy
>
> some spammers have been going on 1month plus, several times a day,
> spamming the same message that is temp-failed


According to my idea, the secondary will never give a temp-failed message.
It'll either refuse the message (and blacklist) or accept it.

> i think that greylisting idea is more apt to inconvenience real users
> than it will hurt spammers


This idea is similar to greylisting but it doesn't block emails for a time
period. the primary if it has never been seen by itself and the secondary
will temp fail a message. the secondary will accept the message if the
primary has already seen it but will refuse/blacklist if it hasn't. The
only time limits are whatever the sending server has.

The only drawback to this is it will blacklist broken mailservers
(mindspring and aol come to mind IIRC. They contact whichever MX they find
first ignoring priority)

> > This idea hit me the other day.
> >
> > This would only work if you have 2 IPs. Here's what I came up with.
> >
> > A messages (non-spam) comes into the primary. The primary adds the
> > host (or
> > host/sender) to a database and returns 4xx codes to every rcpt.
> > Properly
> > configured mailservers are supposed to try the secondary. So the same
> > message goes to the secondary. If the host (or host/sender) has
> > already
> > been seen by the primary, accept it (and possibly mark it so that the
> > primary will accept it).
> >
> > Some spammers will hit the primary once and never try again. Since
> > the host
> > hasn't been seen before, the message won't come through. Some
> > spammers will
> > only hit the secondary server. If they do, the secondary will check
> > the DB
> > and if it hasn't seen this host, assume it's a spam and blacklist.
> >
> > Just remember, in the above, the primary and secondary are on the same
> > machine with multiple IPs. This would also work if it was on 2
> > different
> > machines as long as they can share info in realtime and not go down.
> >
> > Of course, this won't work for RFC compliant MTAs that are open relays.
> >
> > Thoughts?
> >
> > --
> > Lab tests show that use of micro$oft causes cancer in lab animals
> >
> > --
> >
> > ## List details at http://www.exim.org/mailman/listinfo/exim-users
> > Exim details at http://www.exim.org/ ##
> >
>

--
Lab tests show that use of micro$oft causes cancer in lab animals