Devon & Cornwall Linux Users' Group


Re: [LUG] backup MX



Dave Trudgian wrote:


Blind (not knowing valid user names) backup MXes generate bounces if the
spammed address does not exist, and are routinely targeted by spammers
to offload spam quicker.


I don't really understand this argument. Having an address aware backup MX 
doesn't save bounces. 

Yes it does.

The messages are just bounced earlier, at the backup MX 
rather than when they can be delivered to the primary MX.

If you reject the message from the spammer typically no email is sent to
ANYONE!

If you insert a backup MX your primary rejects the message (no such
user) and the backup MX generates a bounce back to the spoofed address.

Most forged addresses are not genuine, but enough are to make a near one
to one correspondence between spam and bounce painful for whoever has
been Joe Jobbed.

I accept that
secondary MX servers are targeted by spammers but I'd much rather have a bit 
more spam than risk losing email.

Last month one of the few remaining back-up MXs at work got 40,000 spam
an hour all weekend, all to faked addresses (the domain only had 3
genuine email addresses, none of which were spammed).

I had 0.5 GB of email to trash at the end of that as postmaster, it took
two days to clear the backlog.

Be assured I found the magic SQL query to kill every last backup MX from
our DNS database after that incident (I'd killed them for the most
important(?) 300 domains a few weeks earlier).

Like I said earlier, many people will face the situation where their main ADSL 
hosted mail server could be off for days. Backup MX ensures you get the email 
full stop, rather than just getting it a bit quicker.

Don't run SMTP servers on boxes which are down that long would be my
advice, POP3 has to be good for something.

Interestingly, I actually want spam at the moment for a dissertation project, 
I'm not out to stop it dead!

Getting listed as a back-up MX for a few domains should do the trick.

We saw over a 1/3 of all spam go straight to the back-up MXes when we
ran them. At this point you are providing the spammer with a no pain
method of dumping spam as quickly as possible, whereas most MTAs will
use back-off algorithms on connections that attempt to email large
numbers of non-existent addresses, backup MXs don't have this luxury.

Of course there is no way to tell if your spam is representative, unless
you collect from representative samples of users. There is at least one
spam archive on the net which can do you a few tens of megabytes.
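
The mechanism argued over in this message, as an added example that is not part of the original post: a small Python model of a backup MX that accepts mail blind versus one that checks recipients at RCPT time, showing which of the two ends up sending bounces to forged senders. All addresses, domains and function names are constructed for the illustration.

```python
# Added illustration, not code from the thread. All addresses are constructed.
PRIMARY_USERS = {"alice@example.org", "bob@example.org", "carol@example.org"}

def accept_at_backup(messages, recipient_map=None):
    """Inbound SMTP session at the backup MX.

    recipient_map=None models a blind backup MX (accepts any RCPT TO for the
    domain); a set models an address-aware one that answers 550 in-session.
    Returns (queued, rejected) lists of (envelope_from, rcpt_to).
    """
    queued, rejected = [], []
    for envelope_from, rcpt_to in messages:
        if recipient_map is not None and rcpt_to not in recipient_map:
            rejected.append((envelope_from, rcpt_to))  # 550: sender keeps the message
        else:
            queued.append((envelope_from, rcpt_to))    # 250: backup MX owns delivery now
    return queued, rejected

def relay_to_primary(queued, primary_users=PRIMARY_USERS):
    """The backup forwards its queue. The primary rejects unknown users, so the
    backup has to send a bounce to the envelope sender, forged or not."""
    delivered = [m for m in queued if m[1] in primary_users]
    bounce_targets = [m[0] for m in queued if m[1] not in primary_users]
    return delivered, bounce_targets

def simulate(messages, recipient_map=None):
    """Run both stages and summarise what the backup MX ended up doing."""
    queued, rejected = accept_at_backup(messages, recipient_map)
    delivered, bounce_targets = relay_to_primary(queued)
    return {"rejected_in_session": len(rejected),
            "delivered": len(delivered),
            "bounces_sent": bounce_targets}

# Constructed spam run: forged senders, nonexistent recipients, plus one real mail.
SPAM = [(f"victim{i}@forged.example", f"user{i}@example.org") for i in range(5)]
MAIL = SPAM + [("friend@sender.example", "alice@example.org")]

if __name__ == "__main__":
    print("blind:", simulate(MAIL))
    print("aware:", simulate(MAIL, recipient_map=PRIMARY_USERS))
```

In the blind case every spam message becomes one bounce addressed to a forged sender; in the address-aware case the same messages are refused during the SMTP session and the backup MX sends nothing.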
