[exim] Spam engine note

Author: John W. Baxter
Date:  
To: Exim User's Mailing List
Subject: [exim] Spam engine note
A few weeks ago, we had occasion to shuffle mail server duties and IP
assignments.

1. smtp.olympus.net, which had been our published MX until a few months
before the change, ceased to have that role, and was given a customer-only
Exim configuration file. This host kept its IP address.

2. mx1.olympus.net, which was our published MX before the change and still
is, shared the smtp.olympus.net IP before the change, and now has its own.
The Exim configuration on this machine assumes that no customers connect to
it.

Interestingly, despite the change, some spam engines are continuing to try
to use the IP which belongs to smtp.olympus.net to send us spam. One of the
things the customer-facing Exim configuration does is reject non-customer
connections from other than a set of IPs which customers are expected to
use--to local recipients--with a message which is unique and therefore
greppable in the Exim logs.

So far, in a little over a half day today, the Exim instances listening to
port 25 on smtp.olympus.net have rejected slightly over 5,000 recipients
based on being obvious non-customers using smtp.olympus.net. The DNS change
is long enough ago that I believe these to be messages from spam engines
whose instructions include the IP address to which to connect to send the
message.

This actually makes sense, I guess, in that it saves the spam engine the
need to make numerous DNS queries, which might make discovery more likely.
But it also means you can "dodge" some of the spam engines by playing games
with changing your MX IP addresses now and then, provided customers don't
connect to the MX machine(s).

--John
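Added example, not code from John's post: a small Python script doing the log side of what he describes, counting rejected recipients per connecting IP by the unique ACL message and checking that none of those IPs fall inside the customer ranges (a hit there would mean the host list or the ACL is wrong). The tag string `NONCUST-REJECT`, the log lines and the customer CIDR are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed Exim-style reject log lines (not from the original post).
# "NONCUST-REJECT" stands in for the unique, greppable message in the ACL.
SAMPLE_LOG = """\
2024-05-01 09:12:01 H=(mail.example.org) [203.0.113.7] F=<bob@example.org> rejected RCPT <alice@olympus.net>: NONCUST-REJECT relay to local recipient not permitted from this host
2024-05-01 09:12:01 H=(mail.example.org) [203.0.113.7] F=<bob@example.org> rejected RCPT <carol@olympus.net>: NONCUST-REJECT relay to local recipient not permitted from this host
2024-05-01 09:13:44 H=(pc) [198.51.100.23] F=<x@y.test> rejected RCPT <dave@olympus.net>: NONCUST-REJECT relay to local recipient not permitted from this host
2024-05-01 09:14:10 H=(cust) [192.0.2.50] F=<me@olympus.net> rejected RCPT <nobody@olympus.net>: Unrouteable address
2024-05-01 09:15:02 H=(pc) [198.51.100.23] F=<x@y.test> rejected RCPT <erin@olympus.net>: NONCUST-REJECT relay to local recipient not permitted from this host
"""

TAG = "NONCUST-REJECT"  # hypothetical unique ACL message; match against your own
# Pull the connecting IP (in square brackets), the rejected recipient and the ACL message.
LINE_RE = re.compile(r"\[(?P<ip>[0-9a-fA-F.:]+)\].*rejected RCPT <(?P<rcpt>[^>]+)>: (?P<msg>.*)$")


def count_noncustomer_rejects(log_text, tag=TAG):
    """Count rejected recipients per connecting IP, only for lines carrying the tag."""
    per_ip = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or tag not in m.group("msg"):
            continue  # other rejections (unrouteable, etc.) are not what we are measuring
        per_ip[m.group("ip")] += 1
    return per_ip


def customer_hits(per_ip, customer_nets):
    """Rejected IPs that lie inside customer ranges; should be empty if the ACL is right."""
    nets = [ipaddress.ip_network(n) for n in customer_nets]
    return sorted(ip for ip in per_ip if any(ipaddress.ip_address(ip) in n for n in nets))


if __name__ == "__main__":
    counts = count_noncustomer_rejects(SAMPLE_LOG)
    print(f"total rejected recipients: {sum(counts.values())}")
    for ip, n in counts.most_common():
        print(f"{ip:>16}  {n}")
    # Constructed customer range; substitute the hostlist your ACL actually uses.
    print("rejects from customer ranges:", customer_hits(counts, ["192.0.2.0/24"]))
```

On a real system feed it the contents of Exim's rejectlog (or the main log) instead of SAMPLE_LOG; the per-IP counts make it easy to see which sources keep hitting the old address.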