From: Michel B. <mi...@bo...> - 2005-06-16 07:41:53

On Thursday 16 June 2005 09:31, Ray Booysen wrote:
>
> I have started to notice more and more spam emails that are being sent
> by MTAs that use the next available MX after I greylist the initial
> connect.

I see the same.

> My server then in turn greylists the connect from the backup
> MX but it doesn't stop the spam or virus being delivered in the end.

This is *NOT* good!

If the primary MX performs greylisting, then *ALL* the backup MXes MUST
perform greylisting themselves as well.

As a rule of thumb, *ANY* anti-spam measure that exists on a primary MX at
SMTP level MUST exist as well on all secondaries. Otherwise secondaries are
easy ways to bypass antispam protection for a given domain, and spammers know
that well (some spammers / spambots systematically send to the LOWEST
priority MX to exploit this possible, and alas frequent, security
shortcoming).

And the primary MX should not greylist mail coming from its secondaries (they
should be whitelisted), as greylisting secondaries is not only useless but
also counterproductive.

> Are we seeing an increase in the number of spam sending MTAs that don't
> give up on the first attempt?

I believe so. And I also have seen a growing number of spams that retry after
about a minute. But not longer. Which means that greylisting duration should
probably not be set < 2 minutes.

Cheers.

-- 
Michel Bouissou <mi...@bo...> OpenPGP ID 0xDDE8AC6E
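
Added example, not part of the original message or of any greylisting package: a small model of a primary and a backup MX that shows the three points made above (an ungreylisted secondary lets mail through, a delay under the observed one-minute retry lets mail through, and greylisting the secondary on the primary only delays the relay). The class and function names, IP addresses and mail addresses are constructed for illustration.

```python
import ipaddress

SECONDARY_IP = "192.0.2.25"   # constructed: our backup MX
BOT_IP = "203.0.113.7"        # constructed: spam-sending client
SENDER, RCPT = "a@example.net", "user@example.org"  # constructed addresses

class Greylist:
    """Triplet greylist for one MX; min_delay=0 models an MX without greylisting."""
    def __init__(self, min_delay, whitelist=()):
        self.min_delay = min_delay          # seconds a new triplet must wait
        self.whitelist = [ipaddress.ip_network(n) for n in whitelist]
        self.first_seen = {}                # (ip, sender, rcpt) -> first attempt time

    def check(self, client_ip, sender, rcpt, now):
        """Return 'accept' or 'defer' (temporary 4xx) for one delivery attempt."""
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in self.whitelist):
            return "accept"                 # trusted relay such as our own secondary
        key = (client_ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        return "accept" if now - first >= self.min_delay else "defer"

def outcome(attempt_times, primary, secondary):
    """Client tries the primary, then the secondary, at each attempt time."""
    for now in attempt_times:
        if primary.check(BOT_IP, SENDER, RCPT, now) == "accept":
            return "delivered"
        if secondary.check(BOT_IP, SENDER, RCPT, now) == "accept":
            # The secondary relays to the primary. It is a real MTA and keeps
            # retrying, so a deferral here only delays the message.
            relay = primary.check(SECONDARY_IP, SENDER, RCPT, now)
            return "delivered" if relay == "accept" else "delivered-late"
    return "blocked"

if __name__ == "__main__":
    wl = [SECONDARY_IP]
    cases = {
        "secondary without greylisting, one attempt":
            outcome([0], Greylist(120, wl), Greylist(0)),
        "both greylist 120 s, retry after 60 s":
            outcome([0, 60], Greylist(120, wl), Greylist(120)),
        "both greylist 30 s, retry after 60 s":
            outcome([0, 60], Greylist(30, wl), Greylist(30)),
        "secondary not whitelisted on primary":
            outcome([0], Greylist(120), Greylist(0)),
    }
    for name, result in cases.items():
        print(f"{name}: {result}")
```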