Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble then having just
one
Unfortunately, backup MXes attract spammers :-(. You could at least add
some more backup MXs (that don't exist) on top of that, that may help to
reduce the influx on the real one.
Using bogus MX records is a very bad idea. Google for bogusmx and for
check_sender_mx_access.
Using a valid MX that always tempfails (either using a 4xx or
blocking/droping packets at IP level or using a non existing IP) is not
yet considered harsh, but if this becomes widely used, we'll find ways
to detect such "poisoned MX" sites. Using a poisoned MX during a spam
strike is ok, but using it all the time and for all client connections
is bad for our resources. Spammers don't pay for resources, they have
enough clients to send to all your MXes.
If you want to stay on the right side, don't break the rules.
Notes:
- If you only tempfail "suspected" clients (faraway countries,
dynamic-like clients, "new" clients), this may be acceptable.
- if you whitelist clients that already sent you (enough) good mail,
this may be acceptable.
(when I say tempfail here, this includes blocking/droping IP packets).
