Steve Freegard wrote:
Marc Perkel wrote:
I'm doing an experimental free MX backup service and wondering if it
will get exploited. I'm wondering if I'm overlooking anything obvious?
Here's the info on it:
http://www.free-mx-backup.com
The idea is that it detects if we are the secondary and not the primary
MX and will store and deliver email for those domains. I'm trying to
think if I'm leaving myself open for anything I'm going to regret. If
you were a spammer how would you take advantage of this?
There's loads of challenges to deal with and think about when running a
secondary MX serivce:
1) If the primary MX rejects any mail that you are attempting to
deliver - then it will make your service the source of backscatter as
your MTA will then generate a DSN (as you accepted the mail for relay
and it was subsequently rejected by the upstream server).
Yeah that is an issue. I've decided not to create bounce message or
failed deliveries. But that has issues as well in that some legit bounce
messages will be missed.
Most of my spam filtering is done with Exim rules and that's where I
apply black and white list rules. I'm not using SA on this service but
right now I'm only using SA for about 1% of email I process. So the
recipient is responsible for their own spam filtering. However my Exim
rules gets rid of most all spam bot spam and other spam that can be
looked up on a blacklist.
The way the normal filtering works is based on 2 rings of servers. The
primary ring processes the lowest numbered MX and the secondary ring
picks up what gray listing I do on the primary. I actually have a third
ring that is my fake MX ring. So what I'm doing here - or hoping to do -
is make the second and third rings public.
I may regret doing this but I want to try it out and see if I can make
some sort of free public backup that works reasonably well and stops a
significant amount of spam.
