On Mon, 2011-11-14 at 05:35 -0800, Marc Perkel wrote: > I'm still playing with this. Probable also need to reduce or eliminate
> caching on the recipient callout. But I thought I'd post it in case
> someone finds it useful.
It's a fairly old technique but it's hidebound by problems - probably
more than it solves.
You can never assume that an inbound SMTP connection to a lower priority
MX server is coming in when the higher priority server(s) is (are) up
means that the inbound message is spam. It may be so that there's a
higher probability that it is, but consider the fact that there are an
infinity of reasons why a given host can't talk to your higher prio MX.
Network interruptions are the principal cause, but also the higher prio
could have deferred or refused the connection due to a volume of inbound
messages. That doesn't mean it's down, but is in self-defence mode - and
in many cases, will still be accepting from the lower prio MX servers
*especially* if you're doing call-forward to them!
It can be a useful scoring method, but you cannot absolutely assert that
the inbound message is spam.
Be prepared for false positives if you use this technique to make that
assertion.