On 10/21/06, gdub <[EMAIL PROTECTED]> wrote: > Any thoughts on the idea of dedicating a > host or interface as a trap by giving it > the lowest priority MX record?
I have a second IP on the same interface as my primary MX and in the same /29, so if someone connects to it, then there really is no reason why they could not have connected to the primary. To be extra safe I just defer all connections on that interface. I have a scheme where misbehaving IP addresses get a cumulative score attached, which is incremented by various amounts for different misbehaviours. Over a certain score and they get blacklisted for a number of hours. Connected to the lowest MX gets them pretty close to the blacklist score. When I originally added the interface I reckoned it cut the amount of spam by one third. It is harder to tell now that I have the blacklisting scheme. However, chances are by the time that IP address has given up on the secondary MX and gone to the primary it is already blacklisted. regards, John -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
