At 7:04 PM -0500 2/20/02, Stefan Jeglinski imposed structure on a stream of electrons, yielding: >>Try this: >> >>my.domain MX 5 primary.mail.server >>my.domain MX 10 secondary.mx.server >>my.domain MX 20 another.name.for.primary.mail.server >> >>Spammers have learned that backup MX's accept more spam. Making >>your primary a 'tertiary' server as well gets them to try it first >>instead of the real backup. > >I implemented this a while back. It's hard to normalize the >effectiveness of this approach compared to the other spam fighting >tools in SIMS without a lot of log analysis. But it does make a >difference. The separate problem is, of course, if your primary >disappears off the net for whatever reason, so does the tertiary, >and the spam still comes through the secondary.
Yes, but that's no worse than than just having a secondary. >Not all spammers must be idiots though I guess. Since I still have >spam coming through my secondary, they must eventually try them all? >How does this work anyway in general? If another mail server wants >to find mx.4pi.com (me), does DNS -always- give it my highest >priority server? No. One MX query to a DNS server actually returns all the MX records, complete with their priorities. Often a server will be smart enough to include the A records for the MX names as 'additional' replies because in most cases the check for an MX is a prelude to looking those records up. > I guess spam programs can "intelligently" search for other MX >records and send to all? It's not really that hard. Any MTA software has the normal logic of sending to the primary (lowest 'cost' metric in the MX record) exchanger, and there are only a dozen or so open-source MTA's to crib from. Change a test for the lowest number to a test for highest and you have the spam software logic. -- Bill Cole [EMAIL PROTECTED] ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
