Autor: Alun Data: A: exim-users Assumpte: [Exim] Fake secondary MX and spam
Dear all,
A few weeks ago I speculated about what would happen if I set up a secondary
MX record pointing to an IP alias on one of our primaries which used an ACL
always to defer attempts to deliver via that address.
Being paranoid, I just set up some logging first, and I thought the logs
might be of interest to the list (or not!).
Since starting the trial, 4982 mails have been submitted successfully via
the secondary's IP address (i.e. after getting past all our ACL based
rules). Of those, our spam scanners logged 2223 as probable spam. So at
least 44.6% of everything coming through the secondary is spam. During the
same timespan our spam scanners spotted 86239 probable spams. So the vast
majority of spam that gets past the ACLs doesn't come through the secondary
in any case. Assuming it was all spam, only 5.7% of what gets through to the
spam scanners comes via the secondary.
Even so, I'm still inclined to look at the deferral method. I can do this at
the ACL stage with almost no penalty and save load on the spam scanning
software. And there's still those 2759 messages that got through - whatever
they were...