[Mimedefang] Spam sneaking in through secondary MX??

[John Rowan Littell]

-----BEGIN PGP SIGNED MESSAGE-----

Lo, James Whittington and the coffee pot sang in unison:

> This may be a bit off topic but I've noticed spam passing through an
> SMTP gateway that is a fallback to the fallback gateway.  I have weights
> of 10, 20 & 30 on 3 MX exchanges.  It seems unlikely that the 10 & 20
> weight MX records would be unresponsive, which is what I thought would
> have to happen for mail to fallback to the 3rd exchange.  The third
> gateway by the way does not do Spam or virus filtering.  Do spammers
> purposely seek out secondary exchanges to use or are my other two
> gateways failing and mail going to the third one?

I've found this to be true to some extent.  I do my heaviest RBL
filtering on my highest numbered mail exchanger.  However, I always
return a 400 level response for RBL hits on that MX so that collateral
damage listings (which may occassionally still hit the higher MX for
whatever reason) can do the Right Thing and try again later (and
presumably hit the lower MX and get through).  Some spam tries back
later at the lower MX, but a not insignificant amount simply gives up.

I haven't put MD on the higher MX yet, though.  That's in the works,
and I may follow the same philosophy as with RBL filtering.

A cursory look at my virus logs shows me that very few of the ones we
get pass through the higher exchangers -- they come directly to the
lowest one they can find.  Therefore I may or may not do virus
filtering on any higher exchangers.

  --rowan

- -- 
John "Rowan" Littell
Systems Administrator
Earlham College Computing Services
http://www.earlham.edu/~littejo/
2003-04-11 10:15
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: Made with pgp4pine 1.76

iQCVAwUBPpbdwJdUNSJ2nf/5AQFZlgQArMUSzHX8Yvkd0cNbIYHJ+Vdub7cXC+nL
ELSMMQaak1uETQeY6P3TKaa85QP5WKe8kaI7sz2ZbsbuFDOo/UUCMafPyPPnjbKl
Z1vSZudufONaz94xjI1CMk0rIDYHWbkXy4jTXEf+S8NHNZS6CfHwELEYbq5Rsr4x
tbtiHadFVx4=
=rZ/Z
-----END PGP SIGNATURE-----