> $ host -t mx stonehenge.com
> stonehenge.com mail is handled by 666 spamtrap.stonehenge.com.
> stonehenge.com mail is handled by 5 blue.stonehenge.com.
>
> Any mail delivered to spamtrap gets the following response:
>
> 450 Violation of RFC2821 Section 5 Paragraph 8 correlates highly with
> spamming and is therefore rejected.
>
> And yes, that's the paragraph that says "deliver to lowest MX first".
>
> I'm skipping about *half* of the incoming spam just with this one trick. For
> more details, find the PDF I wrote titled "you had me at HELO" via google.

Ouch! You're a brave one. That's fine until your first big network outage :-) Oh wait - I bet they're both on the same net segment, right? You wouldn't dare do that with a machine elsewhere on the net!

I might use the fact that mail had been delivered to a backup MX as *one* factor in a spam evaluation function but rejecting it all entirely is pretty risky. I think you've just been lucky so far. Doesn't your main machine ever reject calls because the load average is too high, for example?

I bet you're not running greylisting either. If you were, legitimate mail would frequently try your backup MX.

It's a neat observation that several of us have made, and it is tempting to find a way to take advantage of it, but I think that rejecting *everything* that arrives on your lowest-valued MX is just going too far!

Graham
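
An added example, not code from either poster: the "one factor in a spam evaluation function" approach from the reply, applied to the MX records quoted above. The weights, the threshold and the `primary_reachable` / `greylisted_recently` inputs are assumptions for illustration; a real filter would derive them from its own monitoring and greylist state.

```python
import re

# Constructed sample: the `host -t mx` output quoted in the thread.
HOST_OUTPUT = """\
stonehenge.com mail is handled by 666 spamtrap.stonehenge.com.
stonehenge.com mail is handled by 5 blue.stonehenge.com.
"""

MX_LINE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+?)\.?$")


def parse_mx(text):
    """Return [(preference, host)] sorted best-first (lowest number first)."""
    records = []
    for line in text.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            records.append((int(m.group(2)), m.group(3).lower()))
    return sorted(records)


def backup_mx_score(records, received_on, primary_reachable, greylisted_recently):
    """Score contribution for mail that arrived on a non-primary MX.

    All weights are hypothetical; the point is that the signal is
    discounted in exactly the cases the reply warns about.
    """
    best_pref = records[0][0]
    prefs = {host: pref for pref, host in records}
    pref = prefs.get(received_on.lower().rstrip("."))
    if pref is None or pref == best_pref:
        return 0.0  # arrived on the primary (or an unknown host): no signal
    if not primary_reachable:
        return 0.0  # outage or load shedding: falling back is correct behaviour
    if greylisted_recently:
        return 0.5  # primary deferred this sender, so a retry elsewhere is plausible
    return 2.5      # skipped a healthy primary: strong, but not decisive on its own


def verdict(other_score, mx_score, threshold=5.0):
    """Combine the MX factor with the rest of the filter's score."""
    return "reject" if other_score + mx_score >= threshold else "accept"
```
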