On 8/10/2011 5:14 AM, martin f krafft wrote:
also sprach Noel Jones<[email protected]> [2011.08.10.0120 +0200]:
10 primary-0.mx 20 secondary.mx 30 primary-1.mx
In this scenario, what will the spammers hit?
All of them. What is your intent here?
My intent is to combine postscreen, using the dual-MX approach
outlined by Wietse, with a physically-separate-MX-backup, but
without a shared database for the postscreen whitelist.
My theory was that spammers would try the lowest priority MX first
(primary-1.mx), in this case the second IP on the main MX. Here,
postscreen basically fends them off, because no host can achieve
whitelisting here.
Concern yourself with the expected behavior of legit hosts;
don't worry about what the spambots will do because they do
whatever they please.
I think you'll need:
10 primary-1
20 primary-2
30 secondary-1
40 secondary-2
so that legit hosts know to try their second connection to
your primary host's alternate IP. Duplicate the postscreen
dual-IP setup on the secondary.
Spammers will connect everywhere, don't bother trying to
control what they do.
-- Noel Jones
