On Tue, Dec 28, 2004 at 11:58:23AM -0500, Matt Kettler wrote:Disclaimer: I've never used the plugin, but I can casually read the code...
Lucky you ;-)
wrongmx needs to run on your primary, and will detect that mail first went through one of your secondaries before hitting the primary... If there's only one received: header it bails out immediately, as it can't have been relayed this way yet.
Both my primary and secondaries forward any accepted mail to an internal mailserver (which cannot run SA), so this particular plugin will never do any useful things to mails in my case. I understand.
If you're running SA on your secondaries, you could just save yourself the effort and add +1.0 to every email.
Hm, nice idea ;-)
I wrote the WrongMX plugin for a regional ISP that a friend owns. As Matt said, it was designed to run only on a primary MX, or at least on an MX that may receive mail from a lower preference MX.
The mail system it was designed for has four primary MXes (all preference 0) multihomed with connections from three different networks. A secondary MX was added mainly to attract spam. The secondary MX doesn't scan mail, it just queues it and passes it along to the primaries. It shouldn't receive too much legitimate mail since it is on the same networks as the primary MXes so cost based routing shouldn't be causing legit mail to be delivered to it (yes, there are still some very large companies doing cost based mail routing -- Thomson Worldwide and all their divisions, Technicolor, RCA, etc, do this along with others).
That brings up the issue of scoring. Many people will get legit mail on their secondary MX(es), even if their primary MX(es) are up, so I wouldn't score the rule any higher than 2, maybe 3.
Also note that the plugin code is blocking. The DNS lookups are sent out and waited for, instead of doing them in the background. This is a result of the plugin being written quickly when I dropped in to my friend's ISP one afternoon and being lazy knowing that he's got a a couple of large and fast DNS caches in front of the spam filtering machines. This shouldn't be a huge issue though since there are only a couple of lookups done. It will increasing processing times by a small amount though -- not system load though.
That said, I posted the plugin expecting it to be used mainly be people with a primary MX of their own and a secondary MX that they don't control which most likely doesn't scan their mail, or that they at least scan their mail again themselves.
It's been my experience that any MX used for spam filtering would have the same preference as the rest of the filtering MXes, at least for medium sized installations or smaller.
Larger sized/volume installations generally have a group of primary MXes that only do virus scanning (since it's faster than spam filtering) which drastically cuts down on the amount of messages passed to the spam filtering machines.
So... like Matt said, and I've recommended to numerous people who have emailed me, you could simply add a rule on your secondary MX that adds a point or two to each email that passes through it. However, keep in mind that legitimate mail can be expected to pass through it, even if your primary MX never goes down or stops accepting mail due to a high load average.
Daryl
