First, most servers cache the blacklist lookup, so it will persist for 1-2 days.
Second, the problem is that you will only get your backup server blacklisted/poorreputated aswell. I would suggest solving the underlying problem instead, so accounts is harder to compromise, by implementing a few restrictions: Theres multiple ways to solve the problem. 1: If your users belong to a specific office, I would suggest restricting sending email from that office. If some users must have remote access, give such access via a VPN instead. A spammer won't connect to a dialin VPN using compromised credentials and try to find a mailserver there and find compromised credentials to that too, its too much trouble for too little gain. 2: If you run a webhosting company or something similiar, restrict logins to the mail server via geoIP to the same country as the account in question was bought and registred from. The country (for example Sweden) they buy and register the account from, will be saved into a db. When a mail is sent through submission server, check that the country they are connecting from, match whatever is stored for their account inside database. This will avoid account compromise as the accounts can only be used in their "home countries". 3: Needless to say, its a good idea to restrict so the accounts can only send from their own email and the domain they either own or the domain your server is authorative for. -----Ursprungligt meddelande----- Från: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] För Voytek Skickat: den 6 juni 2016 11:33 Till: postfix-users@postfix.org Ämne: ot: poor repution work arounds? standby smtp? I have a small Postfix/Dovecot virtual server, low usage every so often a user account get compromised and spam sent (like couple of days ago), now I'm seeing 5 or 6 emails 'stuck' in the queue with like: (host mail2.abcdef.com[217.xx.xx.xx] refused to talk to me: 554-mail1.abcdef.com 554 Your access to this mail system has been rejected due to the sending MTA's poor reputation. If you believe that this failure is in error, please contact the intended recipient via alternate means.) the single rbl has been already contacted, and, removed my IP, mxtoolbox shows NO blacklists, I guess 'poor reputation' will persist for a day or more so, the question is can I set up a 'spare' mail server, in future cases when I end up for a day or longer with bad reputation, to switch to an alternate outbound smtp server... ? does it make sense..? would it work? (trying to plan ahead from behind) thanks for any advice V
smime.p7s
Description: S/MIME Cryptographic Signature
