On Monday, March 21, 2005, 2:21:48 AM, Menno Bennekom wrote:
>> From: jdow
>> Wow, it's been a while since this floated through the list the last time.
>>
>> The theory among the spammers is that the secondary and tertiary
>> MX machines are less well protected. "They're backups, after all.
>> They're not used every day."
>>
>> Most canny anti-spammers are aware of this and may actually have the
>> secondaries nailed down a little tighter than the primaries.

> Indeed a lot of spam-programs/viruses address directly the highest MX-record.
> I point my highest MX-record (after the primary and backup MX) to an
> inactive mail-server, sort of second backup but postfix is stopped.
> Once in a while I activate it just to look what's coming in, and it is a
> gigantic amount of spam/viruses/name-guessing.
> This solution really has lowered the amount of traffic on my main
> mailservers.
> Menno van Bennekom

Clever trick. Do legitimate MTAs try to send to the second
highest MXer if the primary is down? If so a fake third MX (even
to a completely unused IP?) may have little downside. I.e.

    @ IN MX 5 realprimary.domain.com
    @ IN MX 10 realbackup.domain.com
    @ IN MX 20 fakebackup.domain.com

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
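
The delivery order asked about above, as an added example that is not part of the original message: a small simulation that assumes RFC 5321 behaviour for a legitimate MTA (lowest preference number first, next host on connection failure) and the highest-number-first behaviour described in the thread for spamware. The host names are the ones in the message; the function names, the `down` sets and the `fallback` switch are hypothetical.

```python
# Added illustration; not code from the thread. Host names come from the
# message above; function names and the "down" sets are hypothetical.

MX = [  # (preference, host) as in the zone fragment quoted above
    (5, "realprimary.domain.com"),
    (10, "realbackup.domain.com"),
    (20, "fakebackup.domain.com"),
]
# Hosts that never accept SMTP (a stopped postfix or an unused IP).
TRAP = {"fakebackup.domain.com"}


def attempt_order(mx, spamware=False):
    """Hosts in the order a sender tries them.

    Compliant MTA (RFC 5321 section 5.1): ascending preference number.
    Spamware as described in the thread: highest preference number first.
    """
    return [host for _, host in sorted(mx, reverse=spamware)]


def deliver(mx, down=frozenset(), spamware=False, fallback=True):
    """Return (accepting_host_or_None, hosts_tried) for one delivery run.

    fallback=False models a sender that gives up after its first target,
    an assumption about simple spamware, not a claim from the thread.
    """
    tried = []
    for host in attempt_order(mx, spamware):
        tried.append(host)
        if host not in down and host not in TRAP:
            return host, tried          # connection accepted
        if not fallback:
            break
    return None, tried                  # compliant MTAs queue and retry later


if __name__ == "__main__":
    both_down = {"realprimary.domain.com", "realbackup.domain.com"}
    cases = {
        "MTA, all real hosts up": deliver(MX),
        "MTA, primary down": deliver(MX, down={"realprimary.domain.com"}),
        "MTA, both real hosts down": deliver(MX, down=both_down),
        "spamware, no fallback": deliver(MX, spamware=True, fallback=False),
    }
    for name, (host, tried) in cases.items():
        print(f"{name:28} -> {host or 'deferred'} (tried {len(tried)})")
```

A compliant sender reaches the trap host only when every real MX is unreachable, and the message is then deferred in its queue rather than lost. A sender that starts at the trap but does fall back still reaches the real backup, so that host needs the same filtering as the primary.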