Peter Bowyer wrote: > On 08/07/07, Renaud Allard <[EMAIL PROTECTED]> wrote: > >> Martin A. Brooks wrote: >> >>> Marc Perkel wrote: >>> >>>> I have a reall simple way to do it. And I'm using it on several hundred >>>> domains and it works. Suppose you have 1 MX record. Add 2 more dummies. >>>> >>>> dummy1.example.com 10 >>>> real.example.com 20 >>>> dummy2.example.com 30 >>>> >>>> Gets rid of almost all your bot spam and is far faster and easier than >>>> greylisting. >>>> >>> Derrick asks about greylisting. You, effectively, give him advice about >>> making strawberry cheese cake >>> >> I don't totally agree. The solution Mark Perkel explained is about the >> same in effect as greylisting but is much more simple to implement. >> The drawbacks of his solution are: >> -you cannot whitelist >> -you cannot control the minimum retry time >> -you must have more than one IP >> The good point is: >> -extremely simple to implement >> -very lightweight >> > > My big worry about this is that you're completely dependent on the > behaviour of the other MTA - you've no logging, nothing to tweak, > can't whitelist, just have to trust that the people sending you wanted > mail are going to do the 'right thing'. That alone has kept me from > trying it. > > Peter >
It doesn't require special whitelisting although you could if you wanted to. If the dead IP which is the lowest MX were dead to everyone except a white list that you would set with iptables then you could whitelist. But it's not really necessary. And technically you don't have to have 3 IP addresses. All you have to do is point the bogus MX records to any IP with port 25 closed. Why you'll notice is that 90% of your bot net spam goes away. I'm doing it and it works. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
