On Fri, February 13, 2015 12:41 pm, Les Mikesell wrote: > On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev > <galtsev at kicp.uchicago.edu> wrote: >> >> I stated pure observation on at least two pairs of primary - backup MX I >> maintain. Still I made backup MXes with greylisting as well (they are >> separately hit by same bad spammers scripts, at a rate about 10 times >> smaller than primary MXes are and absolutely independently). > > I think that's unusual - spammers often target the secondaries as a > preference on the premise that they are likely to not be as > well-configured as the primary. But it has been a while since I ran > one so maybe things have changed. Consider me lucky... > >>>> Still, it is good >>>> to have the same greylisting on backup MX. And all other blows and >>>> whistles. >>> >>> Greylisting would be kind of hard to do right. You'd have to keep the >>> known-good senders in sync across the receivers. But my bigger worry >>> would be a dictionary-type attack on user names as recipients if you >>> don't have access to the real user list on the secondary. >> >> With standard backup MX based on postix (with rather trivial >> configuration) you always do have list of legitimate recipients of >> primary >> MX on the secondary MX. > > Doing greylisting right means you also have to keep the table of > already-known senders up to date and that may be very dynamic. > If you are kind person, yes. Sqlgrey is designed to work simultaneously for primary, secondary (and tretary maybe - didn't check) MXes. Yet, even if they are independent, all will work, you are just not being nice to other servers and make them make 3 delivery attempts (the last is successful) instead of two (that is: primary MX - "temporary failure", secondary - "temporary failure", primary after some time - accepted; instead of primary MX - "temporary failure", secondary - accepted which will be in nice configuration common for both MXes greylisting engine and database). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++