Author: mb Date: To: Jeff Lasman CC: exim-users Subject: Re: [Exim] secondary MX in a world of spammers
On Nov 13 Jeff Lasman wrote:
>Our situation is complicated because we're being asked by our clients to
>offer it as a service to them. And they run different mailservers.
>I'm not sure how we could keep track of all their users, and I know if
>we expected them to update a file so they'd keep track of it, it would
>never happen properly.
>
>So the only way we could implement it would be true store and forward.
>So we'd be accepting spam and email to incorrect addresses, and forward
>it later, when their system is again available.
I think Nico's right. Think of the scariest you can be:
- every dnsbl you can think of (even bl.spamcop.net)
- use exiscan with at least clamd and spamd (and dodgy attachment lists..)
- use sender callout verification
- don't accept message with >n RCPTs (for a suitable n)
- whatever else you've got up your sleeve!
BUT BUT BUT..
- dont ever send SMTP 550; send 451 ("defer" in ACL-speak).
This way "policy" is largely shifted to you primary MX(es); spam is
largely thwarted (as most spammers won't try again) and 99% of legitimate
mail is nearer your users' INBOXes than it could have been.