Re: [Exim] Fake secondary MX and spam

Author: Giuliano Gavazzi
Date:  
To: Alun, exim-users
Subject: Re: [Exim] Fake secondary MX and spam
At 11:32 am +0100 2004/06/10, Alun wrote:
>Dear all,
>
>A few weeks ago I speculated about what would happen if I set up a secondary
>MX record pointing to an IP alias on one of our primaries which used an ACL
>always to defer attempts to deliver via that address.
>
>Being paranoid, I just set up some logging first, and I thought the logs
>might be of interest to the list (or not!).
>
>Since starting the trial, 4982 mails have been submitted successfully via
>the secondary's IP address (i.e. after getting past all our ACL based
>rules). Of those, our spam scanners logged 2223 as probable spam. So at
>least 44.6% of everything coming through the secondary is spam. During the
>same timespan our spam scanners spotted 86239 probable spams. So the vast
>majority of spam that gets past the ACLs doesn't come through the secondary
>in any case. Assuming it was all spam, only 5.7% of what gets through to the
>spam scanners comes via the secondary.


What period are we looking at? I have run tests (not really tests!) over
a three-week period and my figures are very different (I would say
with a degree of certainty that only spam was attempted on the fake
MX). The pattern of the attempts on the primary also seems affected
heavily by how the fake MX is configured (dropped at firewall,
rejected altogether, deferred for valid recipients and rejected for
others), but this is unsurprisingly so.
Also, what are your figures for total attempts on the secondary? What
for the primary?

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/