[81991] in North American Network Operators' Group
Re: OT? /dev/null 5.1.1 email
daemon@ATHENA.MIT.EDU (Brad Knowles)
Fri Jul 8 15:30:04 2005
In-Reply-To: <1120593606.23045.18.camel@localhost>
Date: Tue, 5 Jul 2005 23:18:15 +0200
To: Jim Popovitch <jimpop@yahoo.com>
From: Brad Knowles <brad@stop.mail-abuse.org>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
At 4:00 PM -0400 2005-07-05, Jim Popovitch wrote:
> However, is seems the problem is over on the secondary MX (Postfix)
> which only has a list of legit relay domains for pMX. When pMX is back
> online sMX fwds it's queue, but at that point pMX rejects to sMX...who
> then rejects to Sender.
Yup, and a lot of spammers take advantage of this fact by
directly connecting to the secondary MXes of their targets, and never
connecting to the primary MXes.
> I'm not sure how I can get away from that
> happening.
Short of having a complete list of all your valid recipients on
the secondary MX, or having some way for them to obtain this
information, I don't think you can. Also note that you have to
completely replicate the full anti-spam/anti-virus configuration from
the primary MXes to the secondary MXes, for the same reasons.
--
Brad Knowles, <brad@stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
