I have 3 mx records for my domain. The first 2 are pointing to the external mail gateways (primary and backup) both running Imail with declude junkmail/virus. The 3rd mx record points directly to my internal exchange server (running scanmail), which bypasses all junkmail and virus scanning by declude, and I thought only would be used if the first two mailservers fail.
That is correct -- if the sending mailserver is operating according to the RFCs.
I have noticed in the last few weeks a few spam messages being sent directly to my internal exchange mailserver. I was not aware that this is possible when my mx records are configured as they are. If someone can explain how this can be happening, and any suggestions for a more secure setup would be much appreciated.
What is happening here is that the spammer is using their own software ("spamware") to send the spam. Knowing that many people don't scan E-mail that comes through their backup mailserver(s), their spamware chooses to try the backup mailservers first.
If your Exchange server isn't running any anti-spam or anti-virus, I would recommend removing it from the MX record.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
