Hi, On Thu, Jun 13, 2013 at 6:53 PM, John Hardin <jhar...@impsec.org> wrote: > On Thu, 13 Jun 2013, Alex wrote: >> I'm thinking this is sounding like a better option. The IPs change way >> too quickly for me to be able to keep up with updating a DNSBL. It's >> funny -- despite all MXs having the same weight, mail03 is really the >> one that's pounded with these pump-and-dump spams. Maybe I'll start >> with implementing greylisting there. > > If the spammers are preferring a particular MX host, greylisting only on > that host to start with sounds like a good approach.
Okay, great to hear. > There's anecdotal reports that spammers focus on backup MX hosts in the > hopes they are less-well-protected. You might also try changing the MX > weighting and see if that causes the spam to concentrate on a specific MX > host. That might give you a little more positive control over it. Yes, I've also heard that before, but thought it was typically based on MX weight, not just based on the name of the host. I don't have control over the DNS for this zone, and not sure any one server could take the bulk of the mail instead of the round-robin load balancing trying to be achieved with equal weighting. Thanks, Alex
