> Normally, primary and secondary MXs are different, separate, servers, running 
> their own mail server; this is a non-issue in that case. You are apparently 
> just using multiple IPs on the same mail server.

Yup — which is useful for other reasons (some of the spam filtering stuff 
doesn’t have a shared datastore in mysql for things like Gordon’s comeagain 
filter).


> But its doubtful that this is going to achieve much. Given high enough 
> volume, random DNS and routing gremlins will ensure that some percentage of 
> non-junk email will hit your backup MX; given that, and the fact that some 
> junk mail sources will try primary MXs first, and others will try secondary 
> MXs first, you wouldn't be able to draw any conclusions anyway.

That’s why I’m curious to log this. Ideally, I’d actually run three different 
priority MX hostnames all on the same server. Without any filtering, all three 
IPs would equally except stuff, and I should see all the traffic flowing to the 
highest priority (lowest numbered) mx. The theory that spammers go for the 
lowest priority (highest number) MX would be easiest enough to check if courier 
logged the IP — even if just statistically probable that spam goes there, along 
with some ham, that’s useful info. SpamAssassin, for example, could be more 
sensitive in that case. (Actually, that’s another really good argument for 
having the IP: if the primary MX is up, but you’re connecting to the secondary 
MX, then I want to hit that message with a non-RFC compliant penalty in the 
scoring — which in practice is more easily done by tweaking down the allowed 
spam threshold.)

If I were able to log the IP of the inbound connection, my guess is, based on 
what I’ve seen so far and read elsewhere, that there is some modest but still 
worth-it gain in having a highest priority MX that outright rejects connections 
(but with the ability to whitelist some senders, in case of having important 
email coming from a non-RFC-compliant server), a middle priority MX that acts 
as normal (I’ve found a huge win with using the comeagain filter in combination 
with spamassassin scores above 1.5 — selective comeagain — I sent Gordon a 
patch for this), and a lowest priority MX that always 429 rejects email.

What I’d like to do is be able to log the connection IPs to get some 
quantitative numbers around this.

-J

------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to