[82012] in North American Network Operators' Group
Re: OT? /dev/null 5.1.1 email
daemon@ATHENA.MIT.EDU (Patrick Muldoon)
Fri Jul 8 15:32:52 2005
Date: Tue, 05 Jul 2005 22:47:48 -0400
From: Patrick Muldoon <doon@inoc.net>
To: Brad Knowles <brad@stop.mail-abuse.org>
Cc: nanog@nanog.org
In-Reply-To: <p06200736bef0a9090365@[10.0.1.3]>
Errors-To: owner-nanog@merit.edu
Brad Knowles wrote:
> At 4:00 PM -0400 2005-07-05, Jim Popovitch wrote:
>
>> However, is seems the problem is over on the secondary MX (Postfix)
>> which only has a list of legit relay domains for pMX. When pMX is back
>> online sMX fwds it's queue, but at that point pMX rejects to sMX...who
>> then rejects to Sender.
>
>
> Yup, and a lot of spammers take advantage of this fact by directly
> connecting to the secondary MXes of their targets, and never
> connecting to the primary MXes.
What about setting your highest order MX and lowest order MX to point to
the same set of mail servers, and hide your backup servers in the
middle. Even better if you can implement something that auto blacklists
people that connect to your "secondary" MX's when you know that your
primaries are up and accepting e-mail.
-Patrick
