著者: Ian Eiloart 日付: To: Jason_Meers, exim-users 題目: Re: [exim] using different ports for different mx preferences
--On 19 February 2008 16:42:24 +0000 Jason_Meers
<jason_meers@???> wrote:
> Hi all,
>
> This is a new post quoting a section of a previous post.
>
> -snip-
> Background:
> The idea is to develop a config that could determine which MX record had
> been used to make the initial connection (by getting the firewall to
> forward the SMTP conversation to different ports on the same server,
> based on the IP address the connection initially came in on).
> This would avoid having to have a dedicated box and dedicated config for
> each MX preference.
> -snip-
>
That's not entirely necessary, since you can listen on several IP addresses
simultaneously. All on port 25.
>
> I'm seeing a lot of junk-mail deliberately going for the lower
> preference MX records first (by lower preference I mean MX records with
> a higher numerical value than the others). The thought is to be more
> strict/thorough about checking connections that are initially made to
> the "wrong" MX (because I don't expect this of a "genuine" properly
> configured MTA).
>
> Is it acceptable to just dump connections that make no attempt to follow
> the RFC's and go directly for the lower pref MX's. I have 5 other boxes
> (in separate locations) that _should_ have been tried before anyone
> would have a valid reason to connect directly to the lowest pref box.
We do. In fact, we have nothing listening on those addresses. It might be
better to listen and tarpit, but we don't.
> Is anybody else already doing this?
> Does it work for you?
We've not had any complaints. I don't know whether it helps at all.
> Thanks
> Jason_Meers
--
Ian Eiloart
IT Services, University of Sussex
x3148