On 09/22/2017 11:19 AM, Davide Marchi wrote:
Hi friends,
On Debian Jessie, Postfix 2.11.3 and Spamassassin 3.4.0-6, I've just
setup an MX email backup server and now I realize that new spam come
from the MX backup server..
Is there any way to tell to reject any mail coming to the MX backup
server, if the primary server is up?
And again, many spam email came from a mine fake and nonexistent
"alias", for example:
on my server I guest i...@foo.org, and its alias: ali...@foo.org and
ali...@foo.org, and stop. The spam come from ali...@foo.org, that
doesn't exist, how I could reject and prevent to delivery from these
address, without compromise the backup server?
Many many thanks!
Davide
Italy
What is the MTA you are using? You could script some postconf commands
on the secondary (higher priority) MX to temp fail everything until the
primary is unavailable then adjust/reload default configs from the
primary server to start accepting mail. If you do this, then you need
to make sure the secondary servers are setup identically to the primary
to filter identically.
Also, if you are using greylisting, you must facter that into the
processing.
I tried using tarbaby.junkemailfilter.com as my highest/third MX and ran
into delivery problems due to greylisting. MTAs will back off and retry
at different intervals which can cause very long delays with greylisting.
Look at the MX records for ena.com. My smtp2.ena.net _always_ temp
fails everything which is attacked by spammers and bots. smtp.ena.net
has mutliple A records to load balance across two different data
centers. This has worked very well with greylisting so if you can
rethink your A records behind the MX records, then I would recommend
going that route like I did.
# dig ena.com mx +short
10 smtp.ena.net.
20 smtp2.ena.net.
# dig smtp.ena.net +short
96.5.1.4
96.4.1.4
--
David Jones
