[CentOS] Centos 6 Sendmail backup MX Config

Fri Feb 13 18:41:58 UTC 2015
Les Mikesell <lesmikesell at gmail.com>

On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
<galtsev at kicp.uchicago.edu> wrote:
>
> I stated pure observation on at least two pairs of primary - backup MX I
> maintain. Still I made backup MXes with greylisting as well (they are
> separately hit by same bad spammers scripts, at a rate about 10 times
> smaller than primary MXes are and absolutely independently).

I think that's unusual - spammers often target the secondaries as a
preference on the premise that they are likely to not be as
well-configured as the primary.  But it has been a while since I ran
one so maybe things have changed.

>>> Still, it is good
>>> to have the same greylisting on backup MX. And all other blows and
>>> whistles.
>>
>> Greylisting would be kind of hard to do right.  You'd have to keep the
>> known-good senders in sync across the receivers.   But my bigger worry
>> would be a dictionary-type attack on user names as recipients if you
>> don't have access to the real user list on the secondary.
>
> With standard backup MX based on postix (with rather trivial
> configuration) you always do have list of legitimate recipients of primary
> MX on the secondary MX.

Doing greylisting right means you also have to keep the table of
already-known senders up to date and that may be very dynamic.

-- 
   Les Mikesell
     lesmikesell at gmail.com