Re: [Exim] Re: pri/sec MX on same machine to catch spam

Top Pagina
Delete this message
Reply to this message
Auteur: Wakko Warner
Datum:  
Aan: exim-users
Onderwerp: Re: [Exim] Re: pri/sec MX on same machine to catch spam
> Search for 'greylisting'. It is extremely similar, if not almost
> identical, except it does not rely on having 2 MXes.


I have, but they used it on one mailserver. The idea is great provided you
have only 1 server. Their idea wasn't exactly clear about when to blacklist
hosts expecially when they try the backup since proper smtp servers should
try the secondary if the primary is having problems. They say to share the
list with multiple servers which would mean problem configurations (atleast
the way I interperated it) would be blacklisted.

My idea relies basically on 2 mailservers on the same machine. (2 being 2
IPs) and not using the same style of timeouts. It's basically:

non-spam:
mx1: temporary failure (writes ip to log)
mx2: (reads log and finds IP) Ok, accepted.

direct-mx-spam:
mx1: temporary failure (writes ip to log)
<gives up>

direct-mx2-spam:
mx2: (reads log and can't find IP) Refused (writes IP to blacklist)

openrelay-spam: (see non-spam)

another-non-spam:
mx1: (reads log and finds IP) Ok, accepted.

The way greylisting worked, it delayed mail till the server's next retry.
The way I have it here (it's an idea which has not been tested btw) is good
mail isn't refused, but direct-mx spammers are not going through. That and
some good RBLs that list open relays and doing some basic HELO checking
would lower spam a bit from what I've seen at work.

Of course, using this idea along with greylisting should work as well.

--
Lab tests show that use of micro$oft causes cancer in lab animals