Print Page | Close Window

How to filter spam sent via backup MX?

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=312
Printed Date: 12 December 2017 at 10:38pm


Topic: How to filter spam sent via backup MX?
Posted By: Guests
Subject: How to filter spam sent via backup MX?
Date Posted: 21 April 2003 at 12:24pm
I did a check of the spam that was still coming through and it appears a lot of it is being sent directly to the backup MX server, so that when it get sent to the main mail server, it passes through without filtering since that is an authorized IP address to the main mail server.  How do you suggest getting around this type of spam?



Replies:
Posted By: Guests
Date Posted: 21 April 2003 at 12:44pm

I did a check of the spam that was still coming through and it appears a lot of it is being sent directly to the backup MX server, so that when it get sent to the main mail server, it passes through without filtering since that is an authorized IP address to the main mail server.  How do you suggest getting around this type of spam?

It sounds like you want SpamFilter to filter mail on a server it's not running on...or did I misunderstand your question? It sounds to me like you need to point all relevant MX records to your SpamFilter server.



Posted By: LogSat
Date Posted: 21 April 2003 at 5:31pm

Alan,

At http://logsat.com/spamfilter/details.asp" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://logsat.com/spamfilter/details.asp" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://logsat.com/spamfilter/details.asp  you'll find more info on this, in the meantime here's the section that concerns you:

======================================

Please note the comment relative to the backup MX record. While it's a good idea to add them in case with problems with SpamFilter, keep in mind that some spammers will send emails to any server they find an MX record for. This means that they can send mail directly to your unprotected MTA, which will bypass SpamFilter and thus deliver the spam to the intended recipient. A good tradeoff would be to leave the backup MX during your testing phases, then remove it when you are confident SpamFilter does it's job.

======================================

As long as you have an SMTP server listening on an IP that has a corresponding MX record, spammers will likely send emails to it, as you noticed already.

Your easier option, if you do want to keep the secondary(s) MX records for redundancy, is to place SpamFilter or another anti-spam solution on those IPs as well to block the spam there as well.

To prove that we don't want to sell more licenses :-) and if you want to give your programmers a bit of work, you could try the following:

Configure the SMTP server on the secondary MX to trust only the IP SpamFilter uses, so that only connections from that IP are trusted. This way internet users cannot send email to it directly. Write a small app that checks to see if the primary MX's IP is listening on port 25 (if nost the primary MX is down, spamfitler has crashed, the server has crashed, or whatever). If not, your app could configure on the fly your SMTP server to now listen on all IPs, not only the trusted on on the primary MX. It's a bit of work, and it may or not be possible to implement depending on your SMTP server, but it's an alternative if you don't want to place SpamFilter on all your secondaries.

Roberto Franceschetti
LogSat Software



Posted By: dcook
Date Posted: 24 April 2003 at 11:59pm

Would having several redundant MX records for the Spamfilter in place before the protected mail server work? For example:

metric 0 spamfilter
metric 10 spamfilter
metric 20 spamfilter
metric 30 mailserver

I am trying this now - will this help prevent mail from bypassing the spamfilter and going directly to the mailserver as mucnh while still providing a backup configuration?

 


 

 



Posted By: LogSat
Date Posted: 25 April 2003 at 4:12pm

We never thought of that. It would depend on how spammers go for your secondary MXs. If they try sending email to the first MX, it fails, and then go thru all your secondaries until one goes thru, the idea probably won't work. But then they may not work like that, in which case you may be right.

We'd be interested in finding out your results after the test!

Roberto F.
LogSat Software




Print Page | Close Window