Re: dissapointed >> dummy MX record

[li...@zeta.net]

>  > I added a dummy mx record (lowest preference) as we all know its
>>  generally the one th spammers target first, which is getting hit with
>>  about 50% of our daily connections, of which i defer all of them at a
>>  very low overhead.
>>
>
>May I ask what kind of software/settings do you use to defer the
>connections?  I've been wanting to do this myself, but haven't figured
>out an easy way to do this without writing code.


This sounds like a great idea.  Does anyone here have any idea how to do
this with qmail?  exactly:  I know how to install qmail, and I know how to
setup the MX record, but I don't know how to tell the qmail server to
*defer* all requests, so that the spammers are content to keep sending
their spam into my virtual trash can!

Regards,
Devin

Re: dissapointed >> dummy MX record

[Ronan McGlue <r....@qub.ac.uk>]

lists@zeta.net wrote:
>>  > I added a dummy mx record (lowest preference) as we all know its
>>
>>>  generally the one th spammers target first, which is getting hit with
>>>  about 50% of our daily connections, of which i defer all of them at a
>>>  very low overhead.
>>>
>>
>> May I ask what kind of software/settings do you use to defer the
>> connections?  I've been wanting to do this myself, but haven't figured
>> out an easy way to do this without writing code.
> 
> 
> 
> This sounds like a great idea.  Does anyone here have any idea how to do
> this with qmail?  exactly:  I know how to install qmail, and I know how to
> setup the MX record, but I don't know how to tell the qmail server to
> *defer* all requests, so that the spammers are content to keep sending
> their spam into my virtual trash can!
> 
> Regards,
> Devin
umm well its quite simple really and kudos go to the exim list for this one!

It is simply a matter of setting up a second ip on (eg) your primary mx 
server. adding the mx into your dns and pointing it at the new IP. then 
add a line to your existing mail config on the primary to the effect...

if match_interface:spam_IP defer_connection

not *deny / reject*

this has a two fold benefit...

spammers generally dont retry a server if they dont get a positive 
immediate reply... ( too many exchange servers in the world to worry 
about trying to trick a expeerienced relay ) so they move on to their 
nexxt server in their ACME BIG LIST OF SERVERS

If a legitamit sending host for whatever reason has tried all other mx's 
and gets to your dummy mx... they dont recieve a 550 or similar and give 
up but they *should* back off and retry in however long is configured.


what i noticed we had to do, was due to the max connections limited on 
the primary and with the advent of all the dummy conns going to the same 
daemon... it was a small denial of service for our legitimate mail so 
all we had to do was set up a second daemon which only matched the dummy 
IP...

hope it helps
-- 
========

Regards

Ronan McGlue
Info. Services
QUB