spamassassin not lethal anymore
Kurt Buff
kurt.buff at gmail.com
Thu Jan 12 04:05:51 UTC 2017
On Wed, Jan 11, 2017 at 5:34 PM, Russell L. Carter <rcarter at pinyon.org> wrote:
> On 01/11/17 17:24, Kurt Buff wrote:
>>
>> Snippety snip...
>>
>> On Wed, Jan 11, 2017 at 4:13 PM, Russell L. Carter <rcarter at pinyon.org>
>> wrote:
>>>
>>> On 01/11/17 14:05, Steve O'Hara-Smith wrote:
>>>>
>>>>
>>>> On Wed, 11 Jan 2017 13:45:47 -0700
>>>> "Russell L. Carter" <rcarter at pinyon.org> wrote:
>>>> most of it botnet sourced. I've pretty much eliminated it now by a
>>>> combination of installing dcc and razor plugins to spamassassin (reduced
>>>> the spam getting through by 70% or so) and adding a backup MX with a
>>>> free
>>>> service that only accepts messages to relay when the primary is down
>>>> (it's
>>>> amazing how much spam stopped coming in when I did that).
>>>>
>>>
>>> I'm not sure what you mean here, can you elaborate a bit more? I can
>>> do anything I like with my MX hosts so I'm game. I *think* I'm
>>> already doing that. I have multiple domains, and so I have a primary
>>> MX and a couple of backup MX hosts (one of which is effectively a
>>> passive dovecot replicator, lordy that works fantastic). The backup
>>> MX hosts are lower priority than the primary. Are you doing something
>>> different?
>>
>>
>> A secondary MX that refuses mail when the primary is up and running
>> foils one of the favorite tactics of spammers - they will often target
>> the secondary MX because those are often not as up to date with
>> anti-spam measures. Most spambots try one MX, one time only.
>>
>> Many spambots will try that secondary MX, get refused with a 4xx
>> error, and not bother to try the primary MX at all.
>>
>> It can be a big win, in the right situation.
>
>
> Ah. Awesome. How do I do that?
>
> Russell
As Steve O'Hara Smith wrote, there are free services that can do that.
Perhaps he can mention which one he uses.
But, if you have a spare public IP address, I suppose you could set up
another MX with postfix and have it respond to all inbound with a 4xx.
Greylisting, as someone else mentioned, is probably a really good
alternative - that responds with a temp fail message, and again most
spambots won't try again.
Kurt
More information about the freebsd-questions
mailing list