On Sun, 31 Mar 2019 at 07:40, Jon LaBadie <jlaba...@acm.org> wrote: > When I try to block spam from repeaters, via access.db, > firewall, ... the first thing that happens is the blocked > mail gets delivered via my MX backup host. Mail received > by this route does not seem to be checked against the > access database. > > Is there something I'm not turning on to enable checks > of mail received via the MX backup host? >
I presume the MX backup host is a third party service not under your full control? Does the MX backup host deliver to your primary host, and if so does it do so with authenticated access? If the answer to both questions is yes, I suspect that your primary host is not applying the same anti-spam tests to connections with authenticated access as it applies to non-authenticated. This is a common set up but in your case it allows spam accepted by the MX backup host to reach your mailboxes because they bypass the checks on your primary host. If so, I suggest you change the settings on your primary host to apply the same tests to authenticated as to non-authenticated clients. A better solution, but maybe not possible for you, would be to have your MX backup host apply the same anti-spam tests as your primary.
