Re: [Exim] Fake secondary MX and spam

Góra strony
Delete this message
Reply to this message
Autor: Alun
Data:  
Dla: Giuliano Gavazzi
CC: exim-users
Temat: Re: [Exim] Fake secondary MX and spam
Giuliano Gavazzi (eximlists@???) said, in message
    <a0611044fbcee1b64182b@???>:

>
> what period are we looking? I have run tests (non really tests!) over
> a three weeks period and my figures are very different (I would say
> with a degree of certainty that only spam was attempted on the fake
> MX). The pattern of the attempts on the primary also seem affected
> heavily by how the fake MX is configured (dropped at firewall,
> rejected altogether, deferred for valid recipients and rejected for
> others), but this is unsurprisingly so.
> Also, what are your figures for total attempts on the secondary? What
> for the primary?


Hi,

The period was from 21st May through to today. We receive around 70,000
inbound messages per day here (after greylisting and other ACL based
measures).

I didn't log the figures for proportions of connections to the different IP
aliases, so I can't give you an exact answer to most of your questions.

However, during the test period we had > 37,000 rejections where the other
end sent HELO 144.124.16.46. Presumably these were connecting to the
secondary's address. Most of these would have been knocked out by our
greylisting. Even if you only allowed for the 37,000 attempts with faked
HELO and added these to the nearly 5,000 that got through, it means that 94%
of attempts against the secondary were spam.

This is more in line with your findings (i.e. most stuff through the
secondary is spam), but I was more interested in how much better it would
make things here - to which the answer is "not a vast amount".

I've now started deferring messages submitted to our secondary address, and
doing this *before* the greylisting stage. It will be interesting to see
what proportion of mail gets deferred that way.

Cheers,
Alun.

--
Alun Jones                       auj@???
Systems Support,                 (01970) 62 2494
Information Services,
University of Wales, Aberystwyth