Erik Reuter wrote:

Glad you answered!

A little more action -- I was seeing so much mail relayed from our secondary MX that it dawned on me that spammers probably target secondaries. Sure enough, a few minutes on Google showed it's quite true. Secondaries often don't have all the anti-spam stuff on them, and ours certainly don't know who is or isn't a legitimate user in our domain, since it's operated by a third party. We thought about getting rid of it entirely -- the approach favored by some -- but decided first to try spoofing a low-priority server. We've added a new lowest-priority MX receiver that's actually an alias of our primary. That way, if the spammers target the lowest-priority machine, they'll actually hit our primary, which has all the protection. In a week or so, a bit of grepping should reveal whether or not we're seeing a reduction.


Of course, at this point, the spammers may be clever enough to realize that if there are three MXs, they should try the middle one. Or just resolve the names and eliminate the dupes before choosing.

We may end up shifting everything to the hosted virtual server anyway... mail is just too critical to our operation to take risks with it. Seems weird to have to eliminate a backup system to manage risk, though!

Nick

--
Nick Arnett
Phone/fax: (408) 904-7198
[EMAIL PROTECTED]

_______________________________________________
http://www.mccmedia.com/mailman/listinfo/brin-l
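
The before/after check mentioned in the message ("a bit of grepping"), as an added example that is not part of the original post: it counts accepted messages handed over by the secondary MX against all accepted messages, split at the day the decoy lowest-priority MX record went live. It assumes Postfix-style `client=` log lines (the post does not name the MTA); the function name, hostnames, IP addresses and dates are constructed.

```python
import re

# Assumption: Postfix-style smtpd "client=" lines, one per accepted message.
# The post does not name the MTA; adjust the pattern for other log formats.
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
CLIENT_RE = re.compile(
    r"^(?P<mon>" + "|".join(MONTHS) + r")\s+(?P<day>\d{1,2}) [\d:]{8} \S+ "
    r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def relay_share(lines, secondary_ips, cutover):
    """Count messages relayed by the secondary MX before/after the cutover.

    cutover is (month, day): the day the decoy MX record was published.
    Returns {"before": [via_secondary, total], "after": [via_secondary, total]}.
    Syslog timestamps carry no year, so feed it one calendar year at most.
    """
    counts = {"before": [0, 0], "after": [0, 0]}
    for line in lines:
        m = CLIENT_RE.match(line)
        if not m:
            continue  # connect/disconnect and other daemons are not messages
        when = (MONTHS.index(m["mon"]) + 1, int(m["day"]))
        bucket = counts["after" if when >= cutover else "before"]
        bucket[1] += 1
        if m["ip"] in secondary_ips:
            bucket[0] += 1
    return counts

# Constructed sample log: 192.0.2.20 stands in for the third-party secondary MX.
SAMPLE_LOG = """\
Mar  1 09:00:01 mail postfix/smtpd[2101]: connect from mx2.example.net[192.0.2.20]
Mar  1 09:00:02 mail postfix/smtpd[2101]: 1A2B3C4D01: client=mx2.example.net[192.0.2.20]
Mar  1 09:04:10 mail postfix/smtpd[2101]: 1A2B3C4D02: client=mx2.example.net[192.0.2.20]
Mar  1 10:15:33 mail postfix/smtpd[2107]: 1A2B3C4D03: client=unknown[198.51.100.7]
Mar  2 08:30:00 mail postfix/smtpd[2230]: 1A2B3C4D04: client=mx2.example.net[192.0.2.20]
Mar  2 08:31:12 mail postfix/smtpd[2230]: 1A2B3C4D05: client=mx2.example.net[192.0.2.20]
Mar  2 11:02:45 mail postfix/smtpd[2241]: 1A2B3C4D06: client=unknown[198.51.100.7]
Mar  4 07:45:09 mail postfix/smtpd[2410]: 1A2B3C4D07: client=mx2.example.net[192.0.2.20]
Mar  4 07:50:21 mail postfix/smtpd[2411]: 1A2B3C4D08: client=unknown[203.0.113.9]
Mar  4 07:50:40 mail postfix/smtpd[2411]: disconnect from unknown[203.0.113.9]
Mar  4 09:12:00 mail postfix/smtpd[2415]: 1A2B3C4D09: client=unknown[203.0.113.9]
Mar  4 13:27:58 mail postfix/smtpd[2420]: 1A2B3C4D0A: client=unknown[198.51.100.7]
""".splitlines()

if __name__ == "__main__":
    result = relay_share(SAMPLE_LOG, {"192.0.2.20"}, (3, 3))
    for period, (via, total) in result.items():
        print(f"{period}: {via}/{total} accepted messages came via the secondary")
```

A falling share after the cutover only shows that less mail arrives through the secondary; it does not show whether the traffic that moved to the primary was actually rejected there, so compare it with the primary's reject counts for the same days.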
