How to filter spam sent via backup MX? |
Post Reply |
Author | |
Alan
Guest Group |
Post Options
Thanks(0)
Posted: 21 April 2003 at 12:24pm |
I did a check of the spam that was still coming through and it appears a lot of it is being sent directly to the backup MX server, so that when it get sent to the main mail server, it passes through without filtering since that is an authorized IP address to the main mail server. How do you suggest getting around this type of spam?
|
|
Bill Stewart
Guest Group |
Post Options
Thanks(0)
|
It sounds like you want SpamFilter to filter mail on a server it's not running on...or did I misunderstand your question? It sounds to me like you need to point all relevant MX records to your SpamFilter server. |
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
Alan, At http://logsat.com/spamfilter/details.asp you'll find more info on this, in the meantime here's the section that concerns you: ====================================== Please note the comment relative to the backup MX record. While it's a good idea to add them in case with problems with SpamFilter, keep in mind that some spammers will send emails to any server they find an MX record for. This means that they can send mail directly to your unprotected MTA, which will bypass SpamFilter and thus deliver the spam to the intended recipient. A good tradeoff would be to leave the backup MX during your testing phases, then remove it when you are confident SpamFilter does it's job. ====================================== As long as you have an SMTP server listening on an IP that has a corresponding MX record, spammers will likely send emails to it, as you noticed already. Your easier option, if you do want to keep the secondary(s) MX records for redundancy, is to place SpamFilter or another anti-spam solution on those IPs as well to block the spam there as well. To prove that we don't want to sell more licenses :-) and if you want to give your programmers a bit of work, you could try the following: Configure the SMTP server on the secondary MX to trust only the IP SpamFilter uses, so that only connections from that IP are trusted. This way internet users cannot send email to it directly. Write a small app that checks to see if the primary MX's IP is listening on port 25 (if nost the primary MX is down, spamfitler has crashed, the server has crashed, or whatever). If not, your app could configure on the fly your SMTP server to now listen on all IPs, not only the trusted on on the primary MX. It's a bit of work, and it may or not be possible to implement depending on your SMTP server, but it's an alternative if you don't want to place SpamFilter on all your secondaries. Roberto Franceschetti |
|
dcook
Senior Member Joined: 31 January 2005 Location: United States Status: Offline Points: 174 |
Post Options
Thanks(0)
|
Would having several redundant MX records for the Spamfilter in place before the protected mail server work? For example: metric 0 spamfilter I am trying this now - will this help prevent mail from bypassing the spamfilter and going directly to the mailserver as mucnh while still providing a backup configuration?
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
|
We never thought of that. It would depend on how spammers go for your secondary MXs. If they try sending email to the first MX, it fails, and then go thru all your secondaries until one goes thru, the idea probably won't work. But then they may not work like that, in which case you may be right. We'd be interested in finding out your results after the test! Roberto F. |
|
Post Reply | |
Tweet
|
Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.172 seconds.