[CentOS] Centos 6 Sendmail backup MX Config

Ken Smith kens at kensnet.org
Fri Feb 13 18:18:28 UTC 2015


Les Mikesell wrote:
> On Fri, Feb 13, 2015 at 11:39 AM, Valeri Galtsev
> <galtsev at kicp.uchicago.edu> wrote:
>>>    Otherwise it accept junk that your primary rejects
>> Not exactly. If greylisting on primary is set, but on backup MX is not,
>> still what is killed by greylisting by primary MX, almost never will come
>> through backup MX. This is due to the same reason why greylisting is
>> efficient: it trows off all that doesn't behave as mail server (thus never
>> comes for re-delivery, and definitely doesn't try backup MX which real
>> servers always do even before attempt of re-delivery).
> I'm not convinced. Spam is big business and trying a 2nd MX is cheap.
>
>> Still, it is good
>> to have the same greylisting on backup MX. And all other blows and
>> whistles.
> Greylisting would be kind of hard to do right.  You'd have to keep the
> known-good senders in sync across the receivers.   But my bigger worry
> would be a dictionary-type attack on user names as recipients if you
> don't have access to the real user list on the secondary.  Aside from
> the blowback of the bounces, if you've ever accepted an address it is
> likely to get on lists of known-good spam and cause extra traffic
> forever after.
>
In this case the secondary MX has the same RBL's etc etc as the primary. 
I do see the spammers sending their junk to the secondary more than the 
primary MX. Agree the secondary does not know the difference between 
valid and invalid addresses.

Thoughts on my configuration?? I might just change the DNS name in the 
secondary MX anyway.

Ken

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the CentOS mailing list