On Fri, 2003-03-07 at 03:32, Brad Knowles wrote: > At 2:20 PM +0000 2003/03/06, Samuel Liddicott wrote: > > > If you have backup MX handled by someone else who doesn't use tarproxy > > then the secondary MX may be a major source of spam. > > s/may/will be/ > > > Backup MX could be a good way to offload per-domain spam as often > > backup MX host don't have valid-user information - nearly as good > > as open relays. Of course much of the spam may not reach the target, > > but that is the same as ever, it allows the spammer to quickly spam > > and depart. > > Indeed, dumping spam on secondary MXes is a standard technique. > > Lesson: Run the same configuration on primary and secondary (and > tertiary, etc...) MXes, or don't bother running it at all. > > > Backup MX should generally be whitelisted by tarproxy or de-listed > > as MX, there's no point in advertising as backup MX and then applying > > communications sanctions against it, thus loosing all the mail it > > aggregated. > > Don't white-list the secondary MX. That's exactly what the > spammers want you to do. Either don't use it as a secondary, or make > sure it's running the same configuration.
Hadn't thought of that - makes perfect sense. I'm still planning to add whitelisting, but in cases like this it seems like it would be a good idea to only whitelist your secondary if 1) you control it, and/or 2) you know that TarProxy (or something similar) is already running on it. If your secondary is at, say, your ISP, running TarProxy against it might provide your ISP some incentive to take measures at the SMTP level or lower as well. I'm not certain what the ISP will be able to do, though, as I would be surprised if TarProxy is appropriate for ISPs until its had some time to mature and undergo performance tweaking. - Marty -- Marty Lamb Martian Software <mlamb at martiansoftware dot com>
