One other thing is the spam could just be bypassing your primary mx and = going straight to the secondary. Right now our secondary imgate box is = doing about 6000 rejects (slet,rbl,regexp) which is intresting when you = look at our primary which has a average load of .02 so obviously some of = the spammers are just going straight to the second trying to bypass the = first since its blocking them. Luckly the secondary has a identical = config, hence the 6000 rejects per day. Not bad since the secondary is = really a outgoing only.
-----Original Message----- From: Len Conrad [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 8:54 AM To: [EMAIL PROTECTED] Subject: [IMGate] Re: Relay using IMGate >Yes, IMGate has a MX value of 10 in all the DNS records, then their = real >mail server, i.e. mail.domain.com, has a MX value of 20. so it's perfectly normal that Imail receives from IMGate. I don't see = how=20 that proves or comments on anything else about anything. >I do see messages getting stopped by IMGate with spamcop, which leads = me >to believe some messages are getting by the IMGate box. getting by Imgate to Imail is not an on open relay. If spamcop is not responding quick enough to a postfix query, then = postfix=20 will accept the msg, and log a line which is easy to find in maillog. >The tech suggested putting the IP of the IMGate machine in the SMTP=20 >security list in Imail, but wouldn't that stop all mail from coming = from=20 >the IMGate? yes, if it's a block list. >I need a way to track down where this mail is coming from. you can track every thing in the postfix maillog file. Len
