Eliminating "noise" from secondary MX
Brett Glass
brett at lariat.org
Mon Jun 23 07:48:41 PDT 2003
We have a FreeBSD machine, running Sendmail, that's set up as a secondary
MX for several domains.

Lately, as the tide of spam continues to increase, this machine is
sending large volumes of messages to "Postmaster", and this is
interfering with normal monitoring of the server.

Here's more detail. A spammer sends to a nonexistent address in a domain
for which the host is a secondary mail exchanger. Many spammers' software
is actually set up to use secondary mail exchangers rather than
primaries, because they're less likely to have effective antispam
software running. (Even if they use public blacklists, they rarely use a
blacklist or whitelist provided by the domain for which they're a secondary.)

The secondary mail exchanger tries to send the message on to its
destination, but the mail is bounced by the primary mail host (either as
spam or because it has been sent to an invalid address). So, the
secondary dutifully tries to notify the sender that the message didn't
get through.

Of course, the "From:" and "Reply-to:" headers of the spam contain either
a completely bogus address or one that has quickly been shut down due to
spamming. So, the host, not knowing what else to do, sends a notice to
Postmaster, saying that the notice to the sender could not be delivered.

What's the easiest way to suppress this resource-consuming,
mailbox-clogging chain reaction?
--Brett Glass
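
To size the chain reaction described above, this added example (not part of the original post) follows queue IDs from each Postmaster notice back to the relayed message that started it and counts the notices per recipient domain. It assumes sendmail syslog lines of the form `qid: newqid: DSN: ...` and `qid: newqid: postmaster notify: ...`; the log lines, host names and queue IDs are constructed.

```python
import re
from collections import Counter

# Constructed sample, modelled on sendmail's syslog output (assumed format).
SAMPLE_LOG = """\
Jun 23 07:40:03 mx2 sendmail[4323]: h5NEe1a00001: to=<nouser@client-a.example>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Jun 23 07:40:03 mx2 sendmail[4323]: h5NEe1a00001: h5NEe1a00002: DSN: User unknown
Jun 23 07:40:04 mx2 sendmail[4323]: h5NEe1a00002: to=<offers@bogus.example>, mailer=esmtp, dsn=5.1.2, stat=Host unknown
Jun 23 07:40:04 mx2 sendmail[4323]: h5NEe1a00002: h5NEe1a00003: postmaster notify: Host unknown
Jun 23 07:41:10 mx2 sendmail[4330]: h5NEf1a00004: to=<sales1@client-a.example>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Jun 23 07:41:10 mx2 sendmail[4330]: h5NEf1a00004: h5NEf1a00005: DSN: User unknown
Jun 23 07:41:11 mx2 sendmail[4330]: h5NEf1a00005: to=<win@closed.example>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Jun 23 07:41:11 mx2 sendmail[4330]: h5NEf1a00005: h5NEf1a00006: postmaster notify: User unknown
Jun 23 07:42:00 mx2 sendmail[4340]: h5NEg1a00007: to=<typo@client-b.example>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Jun 23 07:42:00 mx2 sendmail[4340]: h5NEg1a00007: h5NEg1a00008: DSN: User unknown
Jun 23 07:42:01 mx2 sendmail[4340]: h5NEg1a00008: to=<alice@real.example>, mailer=esmtp, dsn=2.0.0, stat=Sent
Jun 23 07:43:00 mx2 sendmail[4350]: h5NEh1a00009: to=<info9@client-b.example>, mailer=esmtp, dsn=5.1.1, stat=User unknown
Jun 23 07:43:00 mx2 sendmail[4350]: h5NEh1a00009: h5NEh1a00010: DSN: User unknown
Jun 23 07:43:01 mx2 sendmail[4350]: h5NEh1a00010: to=<x@bogus.example>, mailer=esmtp, dsn=5.1.2, stat=Host unknown
Jun 23 07:43:01 mx2 sendmail[4350]: h5NEh1a00010: h5NEh1a00011: postmaster notify: Host unknown
"""

# "qid: newqid: <kind>:" links a failed message to the notice generated for it.
LINK = re.compile(r"sendmail\[\d+\]: (\w+): (\w+): (DSN|return to sender|postmaster notify): ")
RCPT = re.compile(r"sendmail\[\d+\]: (\w+): to=<?[^@\s,]+@([^>,\s]+)")

def postmaster_noise_by_domain(log_text):
    """Count Postmaster notices per recipient domain of the original relayed mail."""
    parent, rcpt_domain, notified = {}, {}, []
    for line in log_text.splitlines():
        m = LINK.search(line)
        if m:
            src, child, kind = m.groups()
            parent[child] = src              # child notice -> message it reports on
            if kind == "postmaster notify":  # the bounce itself was undeliverable
                notified.append(src)
        elif (m := RCPT.search(line)):
            rcpt_domain.setdefault(m.group(1), m.group(2).lower())
    counts = Counter()
    for qid in notified:
        seen = set()
        while qid in parent and qid not in seen:  # walk back to the first message
            seen.add(qid)
            qid = parent[qid]
        counts[rcpt_domain.get(qid, "(unknown)")] += 1
    return counts

if __name__ == "__main__":
    print(postmaster_noise_by_domain(SAMPLE_LOG).most_common())
```

The per-domain totals show which relayed domains account for the Postmaster traffic; a bounce that was delivered normally (the `stat=Sent` case) is not counted.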