I've used a different approach,

IN MX 10 primary.domain.com (4 machines)
IN MX 20 primary1.domain.com (2 of those 4)
IN MX 30 primary1.domain.com (the other 2 of those 4)
IN MX 20 backup.domain.com
IN MX 30 primary.domain.com

Seems to force most of the spam through the primary. Very little goes through the backup now.

To make matters simpler, we have changed all of our backups to relay all mail through the primaries. We spend a considerable amount of time ensuring that the backups were in sync and it has also increased the licensing of some of our software (as we have a commercial AV application that is licensed per server).

Our primary location has a load balanced set of 4 servers serving as incoming relays that feed back to two AV servers and two SA servers (with bayes running on another server with mysql). We had a similar setup as the backup location.

Anyways, by setting the backup (highest MX) as the primary as well we had a significant decrease in the level of spam.

One thing that we will be implementing shortly is a second IP for the same primary load balanced relays and we will make that second IP the final backup. This should help trick the spammers in the event they decided to compare the IPs in the future.

That's what we have done to manage the situation.

Gary Wayne Smith

-----Original Message-----
From: Menno van Bennekom [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 21, 2005 3:05 AM
To: Jeff Chan
Cc: users@spamassassin.apache.org
Subject: Re: Spammers Target Secondary MX hosts?

> Clever trick. Do legitimate MTAs try to send to the second
> highest MXer if the primary is down? If so a fake third MX
> (even to a completely unused IP?) may have little downside.
>
> I.e.
>
> @ IN MX 5 realprimary.domain.com
> @ IN MX 10 realbackup.domain.com
> @ IN MX 20 fakebackup.domain.com
>
> Jeff C.

AFAIK mailservers first try the highest prio, then the second highest etcetera. I once had a situation where both the primary and the secondary were down, but still mail to us didn't bounce, old mails just started streaming in when the servers came up. Somehow the mail-protocol is quite robust, I'm not worried about using a 'fake' third MX.

Menno
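
Added example, not part of the original thread: a small model of where mail lands under the MX layouts discussed above, comparing a standards-following MTA with a sender that only tries the highest-numbered MX. The layouts are simplified from the messages, and the sender model and the function names are assumptions made for illustration.

```python
import random

# Constructed layouts using the thread's placeholder host names.
CLASSIC = [(10, "primary.domain.com"), (20, "backup.domain.com")]
WRAPPED = CLASSIC + [(30, "primary.domain.com")]   # highest number points back at the primary
FAKE_THIRD = [(5, "realprimary.domain.com"), (10, "realbackup.domain.com"),
              (20, "fakebackup.domain.com")]       # third entry never accepts mail

def compliant_order(mx, rng=None):
    """Hosts in the order a standards-following MTA tries them:
    lowest preference number first, equal preferences shuffled."""
    rng = rng or random.Random(0)
    by_pref = {}
    for pref, host in mx:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)
        order.extend(hosts)
    return order

def last_mx_order(mx):
    """Assumed sender model: only the highest-numbered MX is tried."""
    worst = max(pref for pref, _ in mx)
    return [host for pref, host in mx if pref == worst]

def first_reachable(order, up):
    """First host that accepts the connection; None means the sender must queue and retry."""
    return next((h for h in order if h in up), None)

def landing(mx, up):
    """Which host each kind of sender ends up delivering to."""
    return {"compliant": first_reachable(compliant_order(mx), up),
            "last_mx": first_reachable(last_mx_order(mx), up)}

if __name__ == "__main__":
    all_up = {"primary.domain.com", "backup.domain.com",
              "realprimary.domain.com", "realbackup.domain.com"}
    for name, mx in (("classic", CLASSIC), ("wrapped", WRAPPED), ("fake third", FAKE_THIRD)):
        print(name, landing(mx, all_up))
    # Primary outage: compliant mail still reaches the real backup.
    print("outage", landing(FAKE_THIRD, all_up - {"realprimary.domain.com"}))
```
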