RE: SPAMERS hitting my second MX record?

2003-08-01 Thread Roger Seielstad
Think about how SMTP works, and you'll get the answer.

In other words, yes. Your primary rejects the message (or the connection in
some cases), so the sending MTA correctly identifies that as a failure, and
tries the next highest MX - in your case, your gateway.

I've got 4 external MX's with ascending preferences, and I start with the
highest preference one to see what spammers are up to..

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


 -Original Message-
 From: Orin Rehorst [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, July 31, 2003 6:34 PM
 To: Exchange Discussions
 Subject: SPAMERS hitting my second MX record?
 
 
 I use eDoxs (3rd party company that identifies spam. They use 
 Brightmail). 
 
 Getting a lot of spam, however. 
 
 My first MX record is to eDoxs. My second is to my email 
 gateway, in case eDoxs is down. I'm wondering if spammers can 
 pick up on my second MX record and send directly to it.
 
 Please advise.
 
 TIA
 
 Regards, 
 Orin
 
 
 
 
 _
 List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
 Web Interface: 
 http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchangetext_mode=lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]



RE: SPAMERS hitting my second MX record?

2003-08-01 Thread Roger Seielstad
I don't know - we run the exact same configs on all our external relays, so
if one rejects it, all 4 will.

Then again, when you're using 100% open source software on 100% recycled
desktop machines as mail relays, cost isn't much of a factor.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


 -Original Message-
 From: PF: Exchange [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, July 31, 2003 8:30 PM
 To: Exchange Discussions
 Subject: RE: SPAMERS hitting my second MX record?
 
 
  My first MX record is to eDoxs. My second is to my email 
  gateway, in case eDoxs is down. I'm wondering if spammers can 
  pick up on my second MX record and send directly to it.
 
 Actually, it's very common for spammers to start at your lower priority
 MX records.  It makes sense for exactly the reason you specified.
 Companies rarely put the expensive anti-spam software on their secondary
 MX relays.
 
 Ed recommended using a relay to HOLD the mail until the primary is
 available again.  This method works great provided that most of your
 filtering is not done by RBL/SPAM listings (because the source IP has
 changed.)
 
 -Kevin
 


SPAMERS hitting my second MX record?

2003-07-31 Thread Orin Rehorst
I use eDoxs (3rd party company that identifies spam. They use Brightmail). 

Getting a lot of spam, however. 

My first MX record is to eDoxs. My second is to my email gateway, in case eDoxs is 
down. I'm wondering if spammers can pick up on my second MX record and send directly 
to it.

Please advise.

TIA

Regards, 
Orin






RE: SPAMERS hitting my second MX record?

2003-07-31 Thread Ed Crowley
Of course they can, and they will.  A better way to do that second MX record
is to direct it to a relay SMTP server that will simply hold the mail until
the primary SMTP server is up.  The Windows 2000 SMTP Service will do this
just fine.

Ed Crowley MCSE+Internet MVP
Freelance E-Mail Philosopher
Protecting the world from PSTs and Bricked Backups!™

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Orin Rehorst
Sent: Thursday, July 31, 2003 3:34 PM
To: Exchange Discussions
Subject: SPAMERS hitting my second MX record?

I use eDoxs (3rd party company that identifies spam. They use Brightmail). 

Getting a lot of spam, however. 

My first MX record is to eDoxs. My second is to my email gateway, in case
eDoxs is down. I'm wondering if spammers can pick up on my second MX record
and send directly to it.

Please advise.

TIA

Regards,
Orin






RE: SPAMERS hitting my second MX record?

2003-07-31 Thread PF: Exchange
 My first MX record is to eDoxs. My second is to my email 
 gateway, in case eDoxs is down. I'm wondering if spammers can 
 pick up on my second MX record and send directly to it.

Actually, it's very common for spammers to start at your lower priority
MX records.  It makes sense for exactly the reason you specified.
Companies rarely put the expensive anti-spam software on their secondary
MX relays.

Ed recommended using a relay to HOLD the mail until the primary is
available again.  This method works great provided that most of your
filtering is not done by RBL/SPAM listings (because the source IP has
changed.)

-Kevin
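
Added example, not part of the original thread: one way to check whether senders are going straight to the lower-priority MX, as discussed above, by correlating connection logs from both MX hosts. The log layout, the outage list and the five-minute fallback window are assumptions made for the illustration, and all sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: (time, MX host that received the connection, client IP).
# Client addresses come from the RFC 5737 documentation ranges.
CONNECTIONS = [
    ("2003-08-01 10:00:05", "primary", "192.0.2.10"),
    ("2003-08-01 10:00:09", "backup",  "192.0.2.10"),    # fell back after trying primary
    ("2003-08-01 10:02:30", "backup",  "198.51.100.7"),  # never tried primary
    ("2003-08-01 10:03:10", "backup",  "198.51.100.7"),
    ("2003-08-01 11:15:00", "backup",  "203.0.113.4"),   # primary was down at this time
    ("2003-08-01 12:00:00", "primary", "203.0.113.4"),
]
# Constructed outage windows for the primary MX: (start, end).
PRIMARY_OUTAGES = [("2003-08-01 11:00:00", "2003-08-01 11:30:00")]

FMT = "%Y-%m-%d %H:%M:%S"
FALLBACK_WINDOW = timedelta(minutes=5)  # assumed: how recently the primary must have been tried


def _ts(stamp):
    return datetime.strptime(stamp, FMT)


def primary_down(when, outages):
    """True if 'when' falls inside any recorded outage of the primary MX."""
    return any(_ts(start) <= when <= _ts(end) for start, end in outages)


def direct_to_backup(connections, outages, window=FALLBACK_WINDOW):
    """Return {client_ip: count} of backup-MX connections that skipped a reachable primary."""
    last_primary_try = {}
    flagged = {}
    for stamp, mx, ip in sorted(connections):  # this timestamp format sorts chronologically
        when = _ts(stamp)
        if mx == "primary":
            last_primary_try[ip] = when
            continue
        if primary_down(when, outages):
            continue  # falling back is expected while the primary is unreachable
        tried = last_primary_try.get(ip)
        if tried is None or when - tried > window:
            flagged[ip] = flagged.get(ip, 0) + 1
    return flagged


if __name__ == "__main__":
    for ip, n in direct_to_backup(CONNECTIONS, PRIMARY_OUTAGES).items():
        print(f"{ip}: {n} connection(s) straight to the backup MX")
```

Senders that rotate through a pool of outbound addresses can be flagged even though they did try the primary first, so treat the result as a list to review rather than a block list.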
