[Mimedefang] Previous relay information

Whit Blauvelt whit at transpect.com
Wed Dec 13 17:26:37 EST 2006


On Wed, Dec 13, 2006 at 06:43:37PM +0900, Mark van Proctor wrote:

> A couple of spam, however, are getting through by sending to our secondary
> mail server, which we have no control over and which is then forwarding the
> emails to us (in an smtp compliant manner... respecting out TEMPFAILs and
> sending again when it can...).

The polite thing to do is not make your backup MX deal with your TEMPFAILS.
It's best to whitelist it.

> Has anyone implemented some form of parsing of the received headers to
> determine who the previous relay was? 

The problem is once your backup MX has the spam, the whole greylist thing
doesn't really work for those emails. So what will you do having parsed the
previous relay?

Considering stuff should only go to the backup MX when the primary is
unavailable, if you set up some tracking to know just when your primary or
the line to it is unavailable, then parsed the received headers on anything
from the secondary MX, tossing anything that came in during times when the
primary wasn't down, that might cover you.

Alternately you could use $RelayAddr to recognize what's come in by the
secondary MX and segregate it somehow - assuming that that system's not also
sending you stuff as a normal relay from the ISP or whatever - and then only
go through that file after an outage, figuring it's just collecting spam
otherwise.

I'm greylisting with an external secondary MX myself. Since their line is
more dependable than mine, it seems worth keeping. 

Whit



More information about the MIMEDefang mailing list