On 02/03/06, Graham Toal <[EMAIL PROTECTED]> wrote:
> > $ host -t mx stonehenge.com
> > stonehenge.com mail is handled by 666 spamtrap.stonehenge.com.
> > stonehenge.com mail is handled by 5 blue.stonehenge.com.
> >
> > Any mail delivered to spamtrap gets the following response:
> >
> > 450 Violation of RFC2821 Section 5 Paragraph 8 correlates highly with
> > spamming and is therefore rejected.
> >
> > And yes, that's the paragraph that says "deliver to lowest MX first".
> >
> > I'm skipping about *half* of the incoming spam just with this one trick.
> > For more details, find the PDF I wrote titled "you had me at HELO" via google.
>
> Ouch! You're a brave one. That's fine until your first big network outage :-)
> Oh wait - I bet they're both on the same net segment, right? You wouldn't
> dare do that with a machine elsewhere on the net!
>
> I might use the fact that mail had been delivered to a backup MX as
> *one* factor in a spam evaluation function but rejecting it all
> entirely is pretty risky. I think you've just been lucky so far.
> Doesn't your main machine ever reject calls because the load average
> is too high, for example?
>
> I bet you're not running greylisting either. If you were, legitimate
> mail would frequently try your backup MX. It's a neat observation that
> several of us have made, and it is tempting to find a way to take
> advantage of it, but I think that rejecting *everything* that arrives
> on your lowest-valued MX is just going too far!

Graham,

You seem to have some contradicting views on the matter. What is the difference between greylisting and the aforementioned spamtrapping approach? Isn't it essentially a variation of the very same thing, namely the use of 450/451 SMTP error codes so that the broken MTAs can go and relax? :-)

Cheers,
Constantine.
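
Added example, not part of the original thread: the quoted message suggests using delivery to a backup MX as one factor rather than rejecting outright. The sketch below parses the `host -t mx` output quoted above and, over a constructed connection log, separates clients that tried the lowest-numbered MX first from those that went straight to the higher-numbered one. The log format, the 30-minute window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# `host -t mx` output as quoted in the thread.
HOST_OUTPUT = """\
stonehenge.com mail is handled by 666 spamtrap.stonehenge.com.
stonehenge.com mail is handled by 5 blue.stonehenge.com.
"""

# Constructed sample log (hypothetical format): timestamp, receiving MX, client IP.
# Client addresses are taken from the RFC 5737 documentation ranges.
LOG = """\
2006-03-02T08:00:00 blue.stonehenge.com 198.51.100.7
2006-03-02T10:00:00 blue.stonehenge.com 192.0.2.10
2006-03-02T10:00:05 spamtrap.stonehenge.com 192.0.2.10
2006-03-02T10:01:00 spamtrap.stonehenge.com 198.51.100.7
2006-03-02T10:02:00 spamtrap.stonehenge.com 203.0.113.9
2006-03-02T12:30:00 blue.stonehenge.com 203.0.113.9
"""

def parse_mx(text):
    """Return [(preference, host)], lowest-numbered (most preferred) MX first."""
    pat = re.compile(r"mail is handled by (\d+) (\S+?)\.?$", re.M)
    return sorted((int(p), h.lower()) for p, h in pat.findall(text))

def classify_backup_hits(log, mx, window=timedelta(minutes=30)):
    """For each connection to a non-primary MX, report whether the client had
    tried the primary within `window` beforehand or skipped straight past it."""
    primary = mx[0][1]
    backups = {host for _, host in mx[1:]}
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, host, ip = line.split()
        events.append((datetime.fromisoformat(ts), host.lower(), ip))
    events.sort()                 # process in time order
    last_primary = {}             # client IP -> latest attempt at the primary
    verdicts = []
    for when, host, ip in events:
        if host == primary:
            last_primary[ip] = when
        elif host in backups:
            seen = last_primary.get(ip)
            tried = seen is not None and when - seen <= window
            verdicts.append((ip, "fallback" if tried else "skipped_primary"))
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_backup_hits(LOG, parse_mx(HOST_OUTPUT)):
        print(ip, verdict)
```

A client that was deferred by the primary and then retried the next MX shows up as `fallback`, so only `skipped_primary` would feed a spam score.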