Re: [Exim] Kool Spam Catching Trick

Top Page
This message is part of the following thread:
M++-+\the complete thread tree sorted by date
MMM\MMMarc Perkel at <-
.MMMMDominik Ruf at ->
Delete this message
Reply to this message
Author: James P. Roberts
Date:  
To: Matt Bernstein, Marc Perkel
CC: exim-users
Subject: Re: [Exim] Kool Spam Catching Trick
----- Original Message -----
From: "Matt Bernstein" <mb@???>
To: "Marc Perkel" <marc@???>

> On Jan 1 Marc Perkel wrote:
>
> >What I did was set a secondary MX record to
> >be another IP on the same computer as my
> >primary email server. I had noticed that some
> >spammers often will email the secondary rather
> >than the primary MX believing that the
> >secondary has less filtering. In my case there
> >never is a time when the secondary is up and
> >the primary is down. So - anything coming into
> >the secondary is spam.
>
> You can't guarantee this. However, you can send
> SMTP 451 (defer) to anything arriving on the
> secondary ;)
>

If one uses the same ethernet card, with a second IP alias on it, one can come
as close as physically possible to ensuring the secondary MX is never up when
the primary is down.

But true, one can't guarantee that *only* spam will try the secondary first.
It's a good approximation, but not guaranteed.

Since it is now "common knowledge" that most spammers don't bother to retry,
and they aren't likely to start doing so (easier to re-run the entire spam run
another time, instead of re-trying individual failed recipients like a real
SMTP server)... I really like Matt's suggestion!

Jim Roberts



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] was this an attack?Re: [Exim] was this an attack?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)