Autor: John Hall Data: A: exim users Assumpte: Re: [exim] [off-topic] Using low-priority DNS MX record as spam trap
On 10/21/06, gdub <a507@???> wrote:
> Any thoughts on the idea of dedicating a
> host or interface as a trap by giving it
> the lowest priority MX record?
I have a second IP on the same interface as my primary MX and in the
same /29, so if someone connects to it, then there really is no reason
why they could not have connected to the primary. To be extra safe I
just defer all connections on that interface.
I have a scheme where misbehaving IP addresses get a cumulative score
attached, which is incremented by various amounts for different
misbehaviours. Over a certain score and they get blacklisted for a
number of hours. Connected to the lowest MX gets them pretty close to
the blacklist score.
When I originally added the interface I reckoned it cut the amount of
spam by one third. It is harder to tell now that I have the
blacklisting scheme. However, chances are by the time that IP address
has given up on the secondary MX and gone to the primary it is already
blacklisted.
