Re: [Exim] Fake secondary MX and spam

Top Page
Delete this message
Reply to this message
Author: Giuliano Gavazzi
Date:  
To: Alun
CC: exim-users
Subject: Re: [Exim] Fake secondary MX and spam
At 4:10 pm +0100 2004/06/10, Alun wrote:
>The period was from 21st May through to today. We receive around 70,000
>inbound messages per day here (after greylisting and other ACL based
>measures).


I started on the 17th of May, but our incoming message count is much
smaller, incoming genuine traffic is about 200-250/day :(... that
makes statistics a bit flaky! Spam is at 400-550/day attempt to
existing addresses, 900-1400/day to unknown addresses (mainly
obsolete accounts). These are figures pre fake MX.
The bad news is that to affect definitely the spam counts on the
primary one must give permanent error to all attempts at the
secondary. What is most affected at the primary is indeed the unknown
recipient attempt (since they are rejected at the secondary), that
dropped by a factor of 3 since the introduction of the fake
secondary. All the other figures are rather inconclusive as in
addition to the low numbers, they have been affected by a general
decrease of connections in the last 30 days.

Presently I am just dropping the connections at the firewall, but
might shortly get rid of the fake sec altogether.

[...]
>This is more in line with your findings (i.e. most stuff through the
>secondary is spam), but I was more interested in how much better it would
>make things here - to which the answer is "not a vast amount".


indeed.

>I've now started deferring messages submitted to our secondary address, and
>doing this *before* the greylisting stage. It will be interesting to see
>what proportion of mail gets deferred that way.


if you also reject mail to unknown recipients you should see hitting
the secondary between 50% and 70% of what gets to the primary.

Giuliano
--
H U M P H
    || |||
  software


Java & C++ Server/Client/Human Interface applications on MacOS - MacOS X
http://www.humph.com/