mouss wrote:
Kai Schaetzl wrote:
Rense Buijen wrote on Wed, 22 Aug 2007 16:43:19 +0200:
I didn't know that a backup MX can lead to more trouble then having
just one
Unfortunately, backup MXes attract spammers :-(. You could at least
add some more backup MXs (that don't exist) on top of that, that may
help to reduce the influx on the real one.
Using bogus MX records is a very bad idea. Google for bogusmx and for
check_sender_mx_access.
Using a valid MX that always tempfails (either using a 4xx or
blocking/droping packets at IP level or using a non existing IP) is
not yet considered harsh, but if this becomes widely used, we'll find
ways to detect such "poisoned MX" sites. Using a poisoned MX during a
spam strike is ok, but using it all the time and for all client
connections is bad for our resources. Spammers don't pay for
resources, they have enough clients to send to all your MXes.
If you want to stay on the right side, don't break the rules.
Notes:
- If you only tempfail "suspected" clients (faraway countries,
dynamic-like clients, "new" clients), this may be acceptable.
- if you whitelist clients that already sent you (enough) good mail,
this may be acceptable.
(when I say tempfail here, this includes blocking/droping IP packets).
Works great for me. I'm using it on 1600 domains and I've eliminated all
my spam bot spam.
