Eliminating "noise" from secondary MX

Brett Glass brett at lariat.org
Mon Jun 23 07:48:41 PDT 2003


We have a FreeBSD machine, running Sendmail, that's set up as a secondary 
MX for several domains.

Lately, as the tide of spam continues to increase, this machine is 
sending large volumes of messages to "Postmaster", and this is 
interfering with normal monitoring of the server.

Here's more detail. A spammer sends to a nonexistent address in a domain 
for which the host is a secondary mail exchanger. Many spammers' software 
is actually set up to use secondary mail exchangers rather than 
primaries, because they're less likely to have effective antispam 
software running. (Even if they use public blacklists, they rarely use a 
blacklist or whitelist provided by the domain for which they're a secondary.)

The secondary mail exchanger tries to send the message on to its 
destination, but the mail is bounced by the primary mail host (either as 
spam or because it has been sent to an invalid address). So, the 
secondary dutifully tries to notify the sender that the message didn't 
get through.

Of course, the "From:" and "Reply-to:" headers of the spam contain either 
a completely bogus address or one that has quickly been shut down due to 
spamming. So, the host, not knowing what else to do, sends a notice to 
Postmaster, saying that the notice to the sender could not be delivered.

What's the easiest way to suppress this resource-consuming, 
mailbox-clogging chain reaction?

--Brett Glass
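
Added example, not part of the original post: a Python sketch that measures the chain described above by tracing each "postmaster notify" entry in the secondary's mail log back to the message that started it. The log lines are constructed, and their layout (queue IDs, `from=`/`to=` fields, and the `DSN:` / `postmaster notify:` link entries) is an assumption modelled on Sendmail's syslog output; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample; layout modelled on Sendmail syslog lines (assumption).
SAMPLE_LOG = """\
Jun 23 07:40:01 mx2 sendmail[4101]: h5NEe1aa004101: from=<promo@bogus.example>, size=2048, nrcpts=1, relay=[192.0.2.10]
Jun 23 07:40:03 mx2 sendmail[4103]: h5NEe1aa004101: to=<nouser@customer.example>, mailer=esmtp, relay=mx1.customer.example., dsn=5.1.1, stat=User unknown
Jun 23 07:40:03 mx2 sendmail[4103]: h5NEe1aa004101: h5NEe3aa004103: DSN: User unknown
Jun 23 07:40:04 mx2 sendmail[4103]: h5NEe3aa004103: to=<promo@bogus.example>, mailer=esmtp, dsn=5.1.2, stat=Host unknown
Jun 23 07:40:04 mx2 sendmail[4103]: h5NEe3aa004103: h5NEe3ab004103: postmaster notify: Host unknown
Jun 23 07:40:05 mx2 sendmail[4103]: h5NEe3ab004103: to=postmaster, mailer=local, dsn=2.0.0, stat=Sent
Jun 23 07:42:00 mx2 sendmail[4120]: h5NEg1aa004120: from=<carol@partner.example>, size=900, nrcpts=1, relay=[203.0.113.7]
Jun 23 07:42:02 mx2 sendmail[4122]: h5NEg1aa004120: to=<typo@customer.example>, mailer=esmtp, relay=mx1.customer.example., dsn=5.1.1, stat=User unknown
Jun 23 07:42:02 mx2 sendmail[4122]: h5NEg1aa004120: h5NEg2aa004122: DSN: User unknown
Jun 23 07:42:03 mx2 sendmail[4122]: h5NEg2aa004122: to=<carol@partner.example>, mailer=esmtp, dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)$", re.M)
CHILD = re.compile(r"(\w+): (DSN|return to sender|postmaster notify): ")
FIELD = re.compile(r"(\w+)=([^,]+)")

def double_bounces(log_text):
    """One record per postmaster notice, traced back to the original message."""
    parent, seen, notices = {}, {}, []
    for qid, rest in ENTRY.findall(log_text):
        child = CHILD.match(rest)
        if child:  # "qid: newqid: kind: reason" links a bounce to its cause
            parent[child.group(1)] = qid
            if child.group(2) == "postmaster notify":
                notices.append(child.group(1))
            continue
        fields = dict(FIELD.findall(rest))
        # Keep the receive line and the (last) delivery line separately.
        seen.setdefault(qid, {})["in" if "from" in fields else "out"] = fields
    records = []
    for qid in notices:
        while qid in parent:  # walk back to the message that started the chain
            qid = parent[qid]
        rcvd, sent = seen.get(qid, {}).get("in", {}), seen.get(qid, {}).get("out", {})
        records.append({"root": qid, "from": rcvd.get("from"), "client": rcvd.get("relay"),
                        "rcpt": sent.get("to"), "stat": sent.get("stat")})
    return records

def noisy_domains(log_text):
    """Count postmaster notices per recipient domain of the original message."""
    return Counter(r["rcpt"].strip("<>").rsplit("@", 1)[-1]
                   for r in double_bounces(log_text) if r["rcpt"])
```

In the sample, the second message bounces once and its notice reaches the sender, so only the first message, whose sender address is undeliverable, is counted.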


