Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - How to filter spam sent via backup MX?
  FAQ FAQ  Forum Search   Register Register  Login Login

How to filter spam sent via backup MX?

 Post Reply Post Reply
Author
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Topic: How to filter spam sent via backup MX?
    Posted: 21 April 2003 at 12:24pm
I did a check of the spam that was still coming through and it appears a lot of it is being sent directly to the backup MX server, so that when it get sent to the main mail server, it passes through without filtering since that is an authorized IP address to the main mail server.  How do you suggest getting around this type of spam?
Back to Top
Bill Stewart View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Bill Stewart Quote  Post ReplyReply Direct Link To This Post Posted: 21 April 2003 at 12:44pm

I did a check of the spam that was still coming through and it appears a lot of it is being sent directly to the backup MX server, so that when it get sent to the main mail server, it passes through without filtering since that is an authorized IP address to the main mail server.  How do you suggest getting around this type of spam?

It sounds like you want SpamFilter to filter mail on a server it's not running on...or did I misunderstand your question? It sounds to me like you need to point all relevant MX records to your SpamFilter server.

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 April 2003 at 5:31pm

Alan,

At http://logsat.com/spamfilter/details.asp you'll find more info on this, in the meantime here's the section that concerns you:

======================================

Please note the comment relative to the backup MX record. While it's a good idea to add them in case with problems with SpamFilter, keep in mind that some spammers will send emails to any server they find an MX record for. This means that they can send mail directly to your unprotected MTA, which will bypass SpamFilter and thus deliver the spam to the intended recipient. A good tradeoff would be to leave the backup MX during your testing phases, then remove it when you are confident SpamFilter does it's job.

======================================

As long as you have an SMTP server listening on an IP that has a corresponding MX record, spammers will likely send emails to it, as you noticed already.

Your easier option, if you do want to keep the secondary(s) MX records for redundancy, is to place SpamFilter or another anti-spam solution on those IPs as well to block the spam there as well.

To prove that we don't want to sell more licenses :-) and if you want to give your programmers a bit of work, you could try the following:

Configure the SMTP server on the secondary MX to trust only the IP SpamFilter uses, so that only connections from that IP are trusted. This way internet users cannot send email to it directly. Write a small app that checks to see if the primary MX's IP is listening on port 25 (if nost the primary MX is down, spamfitler has crashed, the server has crashed, or whatever). If not, your app could configure on the fly your SMTP server to now listen on all IPs, not only the trusted on on the primary MX. It's a bit of work, and it may or not be possible to implement depending on your SMTP server, but it's an alternative if you don't want to place SpamFilter on all your secondaries.

Roberto Franceschetti
LogSat Software

Back to Top
dcook View Drop Down
Senior Member
Senior Member
Avatar

Joined: 31 January 2005
Location: United States
Status: Offline
Points: 174
Post Options Post Options   Thanks (0) Thanks(0)   Quote dcook Quote  Post ReplyReply Direct Link To This Post Posted: 24 April 2003 at 11:59pm

Would having several redundant MX records for the Spamfilter in place before the protected mail server work? For example:

metric 0 spamfilter
metric 10 spamfilter
metric 20 spamfilter
metric 30 mailserver

I am trying this now - will this help prevent mail from bypassing the spamfilter and going directly to the mailserver as mucnh while still providing a backup configuration?

 


 

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4106
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 25 April 2003 at 4:12pm

We never thought of that. It would depend on how spammers go for your secondary MXs. If they try sending email to the first MX, it fails, and then go thru all your secondaries until one goes thru, the idea probably won't work. But then they may not work like that, in which case you may be right.

We'd be interested in finding out your results after the test!

Roberto F.
LogSat Software

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.199 seconds.