Posted to users@spamassassin.apache.org by Yang Xiao <yx...@gmail.com> on 2005/03/18 14:09:24 UTC

Spammers Target Secondary MX hosts?

Hi all,
I've been noticing lately that almost 90% of the emails that come in through
our secondary MX host are spam. I just want to know if there's an
explanation for this. My guess is that the spammers spam the secondary
MX host intentionally for some reason I can't understand, maybe hoping
the secondary host will be configured with less care?

Many thanks,

Yang

Re: Spammers Target Secondary MX hosts?

Posted by Kai Schaetzl <ma...@conactive.com>.
Yang Xiao wrote on Fri, 18 Mar 2005 08:09:24 -0500:

> I've been noticing it lately that almost 90% of emails come in through 
> our secondary MX host are spams, I just want to know if there's an 
> explanation for this, my guess is that the spammers spam the secondary 
> MX host intentionally for some reason I can't understand, maybe hoping 
> the secondary host will configured with less care?
>

Yes, that seems to be the idea.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org




Re: Spammers Target Secondary MX hosts?

Posted by Kurt Boyack <kb...@gmail.com>.
A secondary MX host will get mostly spam. Mailers that follow the
rules will use the MX records as they were intended. Spammers scan all
hosts for port 25 and send email through them any way they can. You
can put a machine on the Internet without any MX records and spam will
start flowing through it. It usually does not take them very long to
discover a mail server.

The upside is that the spam can be used for testing new versions of
SpamAssassin. :)


On Fri, 18 Mar 2005 08:09:24 -0500, Yang Xiao <yx...@gmail.com> wrote:
> Hi all,
> I've been noticing it lately that almost 90% of emails come in through
> our secondary MX host are spams, I just want to know if there's an
> explanation for this, my guess is that the spammers spam the secondary
> MX host intentionally for some reason I can't understand, maybe hoping
> the secondary host will configured with less care?
> 
> Many thanks,
> 
> Yang
>

Re[2]: Spammers Target Secondary MX hosts?

Posted by Henri van Riel <sp...@vanriel.xs4all.nl>.
> The theory is probably that they can pump spam through faster if
> they utilize all an ISP's inbound MX machines :)

The theory is that most ISPs don't run spam filters on their secondary
MX's because "all" smtp clients will hit the primary first and that
"always" works. The secondaries are only for backup, just in case.
Spammers seem to know that...

I had the same problem once. Someone thought it would be nice to
randomly generate several thousands of fake email addresses for my
sub-domain and put it on a cd to sell to spammers. Most of the spam I
received was delivered to a secondary MX of my ISP's mail cluster, all
spam delivered to the primary got filtered out by my ISP. At some point
I got 15,000 spam mails per day! I pointed out to my ISP that spammers
were using the secondary MX's for spamming and they then removed the
secondaries from my sub-domain. Now I only accept mail from the
primary MX which has a robust spam filter.

-- 
Best regards,
 Henri                            mailto:spamassassin@vanriel.xs4all.nl


Re: Spammers Target Secondary MX hosts?

Posted by Simon Byrnand <si...@igrin.co.nz>.
At 01:42 19/03/2005, Martin Hepworth wrote:


>I think the reason is that they think we might trust the secondary MX more 
>than anything else and therefore let it through without checks.

I don't know about that. I think it's more just a matter of the way the bulk 
mailing software works. A "normal" SMTP client will always go for the 
primary MX first, and only try a secondary if the primary is unreachable. 
Therefore nearly all your legitimate mail will go to the primary directly, 
unless your primary is down or overloaded and refusing connections.

On the other hand, I find that spam seems to hit the primary and secondary 
in roughly equal measure - so I suspect the bulk mailers just pick an MX at 
random rather than following the "primary first" standard that SMTP clients 
should follow.

The theory is probably that they can pump spam through faster if they 
utilize all an ISP's inbound MX machines :)

Regards,
Simon


Re: Spammers Target Secondary MX hosts?

Posted by Martin Hepworth <ma...@solid-state-logic.com>.
I think the reason is that they think we might trust the secondary MX 
more than anything else and therefore let it through without checks.


--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300


Yang Xiao wrote:
> Hi all,
> I've been noticing it lately that almost 90% of emails come in through
> our secondary MX host are spams, I just want to know if there's an
> explanation for this, my guess is that the spammers spam the secondary
> MX host intentionally for some reason I can't understand, maybe hoping
> the secondary host will configured with less care?
> 
> Many thanks,
> 
> Yang



Re: Spammers Target Secondary MX hosts?

Posted by Duncan Hill <sa...@nacnud.force9.co.uk>.
On Monday 21 March 2005 11:05, Menno van Bennekom typed:
> > Clever trick.  Do legitimate MTAs try to send to the second
> > highest MXer if the primary is down?  If so a fake third MX
> > (even to a completely unused IP?) may have little downside.
> >
> > I.e.
> >
> > @  IN MX 5   realprimary.domain.com
> > @  IN MX 10  realbackup.domain.com
> > @  IN MX 20  fakebackup.domain.com
> >
> > Jeff C.
>
> AFAIK mailservers first try the highest prio, then the second highest
> etcetera.
> I once had a situation where both the primary and the secondary were down,
> but still mail to us didn't bounce, old mails just started streaming in
> when the servers came up. Somehow the mail-protocol is quite robust, I'm
> not worried about using a 'fake' third MX.
> Menno

Correct.  SMTP is a (sort of) store-and-forward protocol.  If I send a message 
to you, my mail server stores the message, does the appropriate lookups and 
tries to forward on.  If the first MX fails (5), it'll try the next MX (10).  
If the next one fails, it'll try the third (20).  If that fails, it stores 
the message and flags it for a retry n minutes/hours/days later.  If the 
message cannot be delivered after y days (hours in some cases), the server 
generates a DSN for 'could not deliver the mail' and sends it to me.

My mail server may not talk to yours directly either.  In the case of my 
personal account, my postfix installation hands off to my ISP server for 
relay work.  If the ISP server is unable to deliver, it has to generate the 
DSN - my box is no longer responsible.
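
The retry behaviour described above, applied to the three MX records quoted in this message, as an added example that is not part of the original post. The one-hour retry interval and 120-hour queue lifetime are assumed stand-ins for the sender's "n" and "y" settings, and the outage scenarios are constructed.

```python
# Constructed zone data: the three MX records quoted in the thread.
MX_RECORDS = [
    (20, "fakebackup.domain.com"),   # nothing answers on port 25 here
    (5, "realprimary.domain.com"),
    (10, "realbackup.domain.com"),
]
REAL_HOSTS = {"realprimary.domain.com", "realbackup.domain.com"}


def mx_order(records):
    """Hosts in the order a standards-following sender tries them:
    lowest preference number first."""
    return [host for _pref, host in sorted(records)]


def queue_run(records, reachable):
    """One pass over the MX list. Returns (accepting host or None, hosts tried)."""
    tried = []
    for host in mx_order(records):
        tried.append(host)
        if host in reachable:
            return host, tried
    return None, tried


def deliver(records, reachable_at, retry_hours=1, max_age_hours=120):
    """Simulate the sending server's queue for one message.

    reachable_at(age) returns the set of hosts accepting mail when the
    message is `age` hours old. retry_hours and max_age_hours are assumed
    values for the sender's retry interval and queue lifetime.
    """
    age, log = 0, []
    while age <= max_age_hours:
        host, tried = queue_run(records, reachable_at(age))
        log.append((age, tried))
        if host:
            return {"result": "delivered", "host": host, "age": age, "log": log}
        age += retry_hours
    # Queue lifetime exceeded: the sending server issues a DSN to the author.
    return {"result": "dsn", "host": None, "age": age, "log": log}


def scenarios():
    """Four constructed outage patterns on the receiving side."""
    backup_only = {"realbackup.domain.com"}
    return {
        "all_up": deliver(MX_RECORDS, lambda age: REAL_HOSTS),
        "primary_down": deliver(MX_RECORDS, lambda age: backup_only),
        "both_down_6h": deliver(
            MX_RECORDS, lambda age: REAL_HOSTS if age >= 6 else set()),
        "never_up": deliver(MX_RECORDS, lambda age: set()),
    }


if __name__ == "__main__":
    for name, out in scenarios().items():
        print(f"{name:13} {out['result']:9} host={out['host']} "
              f"age={out['age']}h attempts={len(out['log'])}")
```

In this model the fake MX is only ever contacted when both real hosts are down, and the message then waits in the sender's queue exactly as it would without the third record.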

RE: Spammers Target Secondary MX hosts?

Posted by Mark <ad...@asarian-host.net>.
> -----Original Message-----
> From: Niek [mailto:niek@packetstorm.nu] 
> Sent: maandag 21 maart 2005 12:14
> To: users@spamassassin.apache.org
> Subject: Re: Spammers Target Secondary MX hosts?
> 
> 
> It's generally better to use the term distance when it comes 
> to MX RRs. I'm aware the RFCs speak of priority, but a higher
> priority MX has a lower number, and vice versa, hence distance
> makes more sense :)

And, in UNIX, a higher priority process has a lower number, too.
I am quite comfortable with that terminology.

- Mark


Re: Spammers Target Secondary MX hosts?

Posted by Niek <ni...@packetstorm.nu>.
On 3/21/2005 12:05 PM +0100, Menno van Bennekom wrote:
> AFAIK mailservers first try the highest prio, then the second highest
> etcetera.

It's generally better to use the term distance when it comes to MX RRs.
I'm aware the RFCs speak of priority, but a higher priority MX has a lower number,
and vice versa, hence distance makes more sense :)

Niek
-- 

Re: Spammers Target Secondary MX hosts?

Posted by David Brodbeck <gu...@gull.us>.
On Mon, 21 Mar 2005 12:05:18 +0100 (CET), Menno van Bennekom wrote
> I once had a situation where both the primary and the secondary were 
> down, but still mail to us didn't bounce, old mails just started 
> streaming in when the servers came up.

Yes, the remote MTAs will queue them.  The exact amount of time varies, but
it's usually at least a few days.

For that reason I tend to think secondary MXs are often more trouble than
they're really worth.


Re: Spammers Target Secondary MX hosts?

Posted by Menno van Bennekom <mv...@xs4all.nl>.
> Clever trick.  Do legitimate MTAs try to send to the second
> highest MXer if the primary is down?  If so a fake third MX
> (even to a completely unused IP?) may have little downside.
>
> I.e.
>
> @  IN MX 5   realprimary.domain.com
> @  IN MX 10  realbackup.domain.com
> @  IN MX 20  fakebackup.domain.com
>
> Jeff C.

AFAIK mailservers first try the highest prio, then the second highest
etcetera.
I once had a situation where both the primary and the secondary were down,
but still mail to us didn't bounce, old mails just started streaming in
when the servers came up. Somehow the mail-protocol is quite robust, I'm
not worried about using a 'fake' third MX.
Menno


Re: Spammers Target Secondary MX hosts?

Posted by Jeff Chan <je...@surbl.org>.
On Monday, March 21, 2005, 2:21:48 AM, Menno Bennekom wrote:
>> From: jdow
>> Wow, it's been awhile since this floated through the list the last time.
>>
>> The theory among the spammers is that the secondary and tertiary
>> MX machines are less well protected. "They're backups, after all.
>> They're not used every day."
>>
>> Most canny anti-spammers are aware of this and may actually have the
>> secondaries nailed down a little tighter than the primaries.

> Indeed a lot of spam-programs/viruses address directly the highest MX-record.
> I point my highest MX-record (after the primary and backup MX) to an
> inactive mail-server, sort of second backup but postfix is stopped.
> Once in a while I activate it just to look what's coming in, and it is a
> gigantic amount of spam/viruses/name-guessing.
> This solution really has lowered the amount of traffic on my main
> mailservers.

> Menno van Bennekom

Clever trick.  Do legitimate MTAs try to send to the second
highest MXer if the primary is down?  If so a fake third MX
(even to a completely unused IP?) may have little downside.

I.e.

@  IN MX 5   realprimary.domain.com
@  IN MX 10  realbackup.domain.com
@  IN MX 20  fakebackup.domain.com

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: Spammers Target Secondary MX hosts?

Posted by Menno van Bennekom <mv...@xs4all.nl>.
> From: jdow
> Wow, it's been awhile since this floated through the list the last time.
>
> The theory among the spammers is that the secondary and tertiary
> MX machines are less well protected. "They're backups, after all.
> They're not used every day."
>
> Most canny anti-spammers are aware of this and may actually have the
> secondaries nailed down a little tighter than the primaries.

Indeed a lot of spam-programs/viruses address directly the highest MX-record.
I point my highest MX-record (after the primary and backup MX) to an
inactive mail-server, sort of second backup but postfix is stopped.
Once in a while I activate it just to look what's coming in, and it is a
gigantic amount of spam/viruses/name-guessing.
This solution really has lowered the amount of traffic on my main
mailservers.

Menno van Bennekom



Re: OT: Re: Spammers Target Secondary MX hosts?

Posted by Jeff Chan <je...@surbl.org>.
On Saturday, March 19, 2005, 4:36:42 AM, alan premselaar wrote:
> I think you're thinking of Greylisting.

> It'll reject mail from a certain triple (sender/receiver/ip) the first 
> time it comes in, record it in some form (database/filesystem/etc) and 
> apply certain time delays so if the mail from the same triple comes back 
> after a specified timeout, it'll be accepted.

Yep, a couple that I was pointed to are:

  http://isg.ee.ethz.ch/tools/postgrey/
  http://policyd.sourceforge.net/

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: OT: Re: Spammers Target Secondary MX hosts?

Posted by alan premselaar <al...@12inch.com>.
Jeff Chan wrote:
> On Friday, March 18, 2005, 2:13:23 PM, jdow jdow wrote:
> 
>>From: "Yang Xiao" <yx...@gmail.com>
> 
> 
> 
>>>Hi all,
>>>I've been noticing it lately that almost 90% of emails come in through
>>>our secondary MX host are spams, I just want to know if there's an
>>>explanation for this, my guess is that the spammers spam the secondary
>>>MX host intentionally for some reason I can't understand, maybe hoping
>>>the secondary host will configured with less care?
> 
> 
>>Wow, it's been awhile since this floated through the list the last time.
> 
> 
>>The theory among the spammers is that the secondary and tertiary
>>MX machines are less well protected. "They're backups, after all.
>>They're not used every day."
> 
> 
>>Most canny anti-spammers are aware of this and may actually have the
>>secondaries nailed down a little tighter than the primaries.
> 
> 
> We're applying more RBLs to our backup server than our primary
> MXer.
> 
> What was the trick for making a mail server delay or reject
> responses the first time an IP connects?  I've heard this is very
> effective against spamware/zombies, etc.  We're using Postfix, so
> this is definitely off topic. 
> 
> Jeff C.

I think you're thinking of Greylisting.

It'll reject mail from a certain triple (sender/receiver/ip) the first 
time it comes in, record it in some form (database/filesystem/etc) and 
apply certain time delays so if the mail from the same triple comes back 
after a specified timeout, it'll be accepted.

alan
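
A minimal sketch of the triple-based decision described above, added here as an illustration; it is not part of the original message and not code from postgrey or policyd. The delay, retry window and expiry values, the reply text, the optional /24 grouping and the sample traffic are all assumptions made for the example.

```python
import ipaddress

DEFER = "450 4.7.1 Greylisted, please try again later"  # constructed reply text
ACCEPT = "250 OK"


class Greylist:
    """In-memory greylist keyed on the (client IP, sender, recipient) triple."""

    def __init__(self, min_delay=300, retry_window=86400,
                 pass_ttl=30 * 86400, by_subnet=False):
        self.min_delay = min_delay        # seconds a new triple must wait
        self.retry_window = retry_window  # a retry later than this starts over
        self.pass_ttl = pass_ttl          # how long a passed triple stays known
        self.by_subnet = by_subnet        # group IPv4 clients by /24
        self.pending = {}                 # triple -> first-seen timestamp
        self.passed = {}                  # triple -> last-seen timestamp

    def _key(self, client_ip, sender, recipient):
        ip = ipaddress.ip_address(client_ip)
        if self.by_subnet and ip.version == 4:
            # Treat a pool of outbound servers in one /24 as a single client.
            ip = ipaddress.ip_network(f"{ip}/24", strict=False).network_address
        return (str(ip), sender.lower(), recipient.lower())

    def check(self, client_ip, sender, recipient, now):
        """Return the SMTP reply to give at RCPT time for this triple."""
        key = self._key(client_ip, sender, recipient)
        last = self.passed.get(key)
        if last is not None:
            if now - last <= self.pass_ttl:
                self.passed[key] = now
                return ACCEPT
            del self.passed[key]          # expired: treat as unknown again
        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # first sighting, or a stale entry
            return DEFER
        if now - first < self.min_delay:
            return DEFER                  # retried before the delay elapsed
        del self.pending[key]
        self.passed[key] = now
        return ACCEPT


def replay(events, **opts):
    """Run (timestamp, ip, sender, recipient) events through a fresh greylist."""
    gl = Greylist(**opts)
    return [gl.check(ip, snd, rcpt, ts) for ts, ip, snd, rcpt in events]


# Constructed sample traffic, timestamps in seconds.
SAMPLE = [
    (0,    "192.0.2.10",   "alice@example.org", "user@example.com"),  # first try
    (10,   "198.51.100.7", "x1@bulk.invalid",   "user@example.com"),  # never retries
    (60,   "192.0.2.10",   "alice@example.org", "user@example.com"),  # too soon
    (900,  "192.0.2.10",   "alice@example.org", "user@example.com"),  # queued retry
    (950,  "192.0.2.10",   "alice@example.org", "user@example.com"),  # known triple
    (1200, "192.0.2.11",   "alice@example.org", "user@example.com"),  # same /24
]

if __name__ == "__main__":
    for event, reply in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", reply)
```

The last sample line shows the usual operational caveat: a legitimate sender that retries from a neighbouring address is deferred again unless clients are grouped by subnet.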

OT: Re: Spammers Target Secondary MX hosts?

Posted by Jeff Chan <je...@surbl.org>.
On Friday, March 18, 2005, 2:13:23 PM, jdow jdow wrote:
> From: "Yang Xiao" <yx...@gmail.com>


>> Hi all,
>> I've been noticing it lately that almost 90% of emails come in through
>> our secondary MX host are spams, I just want to know if there's an
>> explanation for this, my guess is that the spammers spam the secondary
>> MX host intentionally for some reason I can't understand, maybe hoping
>> the secondary host will configured with less care?

> Wow, it's been awhile since this floated through the list the last time.

> The theory among the spammers is that the secondary and tertiary
> MX machines are less well protected. "They're backups, after all.
> They're not used every day."

> Most canny anti-spammers are aware of this and may actually have the
> secondaries nailed down a little tighter than the primaries.

We're applying more RBLs to our backup server than our primary
MXer.

What was the trick for making a mail server delay or reject
responses the first time an IP connects?  I've heard this is very
effective against spamware/zombies, etc.  We're using Postfix, so
this is definitely off topic. 

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/


Re: Spammers Target Secondary MX hosts?

Posted by jdow <jd...@earthlink.net>.
From: "Yang Xiao" <yx...@gmail.com>


> Hi all,
> I've been noticing it lately that almost 90% of emails come in through
> our secondary MX host are spams, I just want to know if there's an
> explanation for this, my guess is that the spammers spam the secondary
> MX host intentionally for some reason I can't understand, maybe hoping
> the secondary host will configured with less care?

Wow, it's been awhile since this floated through the list the last time.

The theory among the spammers is that the secondary and tertiary
MX machines are less well protected. "They're backups, after all.
They're not used every day."

Most canny anti-spammers are aware of this and may actually have the
secondaries nailed down a little tighter than the primaries.

{^_-}


Re: Spammers Target Secondary MX hosts?

Posted by ga...@netrox.net.
I just had the reverse problem. Working for a large company using Exchange
for outbound business email we were always hitting one company's secondary
MX which was broken (sent back rejections).

Our servers just liked the second MX better than the primary MX for some
reason. When I manually telneted into both the primary and the secondary
MX I noticed the secondary responded much faster than the primary to
commands. So maybe the primary just could not respond quick enough to our
email server so it flipped to the secondary which was much faster. (just
guessing here)




> Hi all,
> I've been noticing it lately that almost 90% of emails come in through
> our secondary MX host are spams, I just want to know if there's an
> explanation for this, my guess is that the spammers spam the secondary
> MX host intentionally for some reason I can't understand, maybe hoping
> the secondary host will configured with less care?
>
> Many thanks,
>
> Yang
>


Re: Spammers Target Secondary MX hosts?

Posted by Alexander Bochmann <ab...@lists.gxis.de>.
...on Fri, Mar 18, 2005 at 10:24:25AM -0800, Kelson wrote:

 > The backscatter becomes a real problem in the legitimate relay 
 > situation, because it's basically unavoidable.  If the spam is sent 
 > directly to you, you can accept it, discard it, or reject it, and it 
 > stops.  But if you're relaying to someone, and *they* reject it, now you 
 > have to decide whether to generate a DSN or not.  We've actually set up 

When I was in that situation, my solution turned out 
to be milter-ahead, http://www.milter.info/milter-ahead/index.shtml
but that won't help you if you're not running sendmail :)

Alex.


Re: Spammers Target Secondary MX hosts?

Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Friday, March 18, 2005 10:24 AM -0800 Kelson <ke...@speed.net> wrote:

> But if you're relaying to someone, and *they* reject it, now you have to
> decide whether to generate a DSN or not.

Using MIMEDefang I don't reject for mail relayed from my secondary:

<http://www.mimedefang.org/kwiki/index.cgi?CheckForMX>

Re: Spammers Target Secondary MX hosts?

Posted by "Chr. von Stuckrad" <st...@mi.fu-berlin.de>.
On Fri, Mar 18, 2005 at 10:24:25AM -0800, Kelson wrote:
...
> 5. We generate DSNs that go to third parties or nonexistent hosts,
>    contributing to backscatter and cluttering up our outbound queue.
...
Even worse, the result of bounces sent by _our_ MTA was
being Spamcop-RBLed for hitting spamtraps with those
bounces! So being a secondary MX might even disrupt your
(own) service, and only the second queue you mentioned
might have helped against that! But we don't have THAT yet.

Stucki  (bounce-annoyed postmaster)

-- 
Christoph von Stuckrad     * * |nickname |<st...@math.fu-berlin.de>\
Freie Universitaet Berlin  |/_*|'stucki' |Tel(days):+49 30 838-75 459|
Fachbereich Mathematik, EDV|\ *|if online|Tel(else):+49 30 77 39 6600|
Arnimallee 2-6/14195 Berlin* * |on IRCnet|Fax(alle):+49 30 838-75454/

Re: Spammers Target Secondary MX hosts?

Posted by Kelson <ke...@speed.net>.
Larry Starr wrote:
> On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
>>there are many setups where
>>the ISP or someone else runs a backup MX for his
>>customer's domains as a service. With this configuration,
>>the secondary MX will usually not know about valid users
>>in the destination domain.
> 
> That, in fact, is the setup that I am operating and, yes, most of what comes 
> through my secondary MX, at my ISP, is SPAM.   Some time ago I implemented a 
> rule that adds a (small) spam score for mail received via my secondary MX.

I'm on the flip side of that: we provide secondary MX services for some 
of our customers, and I've started adding a small bonus score for mail 
being sent *to* them through our server.  I've also added meta-rules to 
treat certain rules more harshly.

The really annoying thing, from our standpoint, is the backscatter we 
have to process:

1. Spammer sends to secondary MX (us).
2. We filter out some of the more obvious spam (for the most part using
    our regular criteria).
3. We relay what's left to the primary MX.
4. Primary MX rejects mail to nonexistent users and mail that trips
    their own spam filters.
5. We generate DSNs that go to third parties or nonexistent hosts,
    contributing to backscatter and cluttering up our outbound queue.

The backscatter becomes a real problem in the legitimate relay 
situation, because it's basically unavoidable.  If the spam is sent 
directly to you, you can accept it, discard it, or reject it, and it 
stops.  But if you're relaying to someone, and *they* reject it, now you 
have to decide whether to generate a DSN or not.  We've actually set up 
a separate queue for bounces that aren't delivered immediately, so that 
it won't bog down normal mail.

-- 
Kelson Vibber
SpeedGate Communications <www.speed.net>

Re: Spammers Target Secondary MX hosts?

Posted by Larry Starr <la...@fullcompass.com>.
On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
> ...on Fri, Mar 18, 2005 at 08:52:23AM -0500, Yang Xiao wrote:
>  > On Fri, 18 Mar 2005 13:48:46 +0000, Duncan Hill <dh...@cricalix.net> wrote:
>  > > In a large number of cases, the secondary MX is not configured to know
>  > > the list of valid users etc, and may be configured to pass directly to
>  > > the internal mail server, bypassing protections on the primary relay.
>  >
>  > hm...I'd be interested to know what the percentage is like for this
>  > kind of setting just to feed my curiosity, because it totally
>  > doesn't make sense to me, it's like setting up a secondary firewall
>  > with no blocking rules, what good is it?
>
> It surely doesn't make sense if the secondary MX is
> under your control, but there are many setups where
> the ISP or someone else runs a backup MX for his
> customer's domains as a service. With this configuration,
> the secondary MX will usually not know about valid users
> in the destination domain.
>
> Therefore it makes sense for the spammers to deliver
> mail to the secondary MX, as they can always claim
> that 100% of the mails have been successfully delivered.
>
> Alex.

That, in fact, is the setup that I am operating and, yes, most of what comes 
through my secondary MX, at my ISP, is SPAM.   Some time ago I implemented a 
rule that adds a (small) spam score for mail received via my secondary MX.

-- 
Larry G. Starr - larrys@fullcompass.com or starrl@globaldialog.com
Software Engineer: Full Compass Systems LTD.
Phone: 608-831-7330 x 1347  FAX: 608-831-6330
===================================================================
There are only three sports: bullfighting, mountaineering and motor
racing, all the rest are merely games! - Ernest Hemmingway
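
One way to decide "received via my secondary MX" before adding the small score mentioned above, as an added example that is not part of the original message and not a SpamAssassin rule. The host name, backup address, score value and sample messages are hypothetical or constructed.

```python
import re
from email import message_from_string

# Hypothetical names and addresses for this example.
PRIMARY_MX = "mx1.example.net"
BACKUP_MX_IPS = {"203.0.113.25"}
VIA_BACKUP_SCORE = 0.5   # the "small" extra score; the value is an assumption

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
CLIENT_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def arrived_via_backup(raw_message):
    """True if the primary MX received this message from the backup MX.

    Only the topmost Received header stamped by the primary is consulted.
    Everything below it was supplied by the connecting client and can be
    forged, while the bracketed client IP in that header was recorded by
    our own server.
    """
    msg = message_from_string(raw_message)
    for hdr in msg.get_all("Received", []):
        by = BY_RE.search(hdr)
        if not by or by.group(1).lower() != PRIMARY_MX:
            continue
        client = CLIENT_IP_RE.search(hdr[:by.start()])
        return bool(client) and client.group(1) in BACKUP_MX_IPS
    return False


def adjusted_score(raw_message, base_score):
    """Base spam score plus the small penalty for the backup-MX path."""
    extra = VIA_BACKUP_SCORE if arrived_via_backup(raw_message) else 0.0
    return base_score + extra


def backup_share(messages):
    """Fraction of the given messages that came in through the backup MX."""
    if not messages:
        return 0.0
    return sum(arrived_via_backup(m) for m in messages) / len(messages)


def _msg(*received):
    """Build a constructed message with the given Received header values."""
    heads = "".join(f"Received: {r}\n" for r in received)
    return heads + "Subject: test\n\nbody\n"


# Constructed samples. Continuation lines are folded as real MTAs write them.
DIRECT = _msg(
    "from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx1.example.net (Postfix) with ESMTP id 1A2B3C")
VIA_BACKUP = _msg(
    "from mx2.example.net (mx2.example.net [203.0.113.25])\n"
    "\tby mx1.example.net (Postfix) with ESMTP id 4D5E6F",
    "from unknown (unknown [198.51.100.7])\n"
    "\tby mx2.example.net (Postfix) with SMTP id 7A8B9C")
# The sender pre-inserted a header claiming the backup-MX path.
FORGED = _msg(
    "from unknown (unknown [198.51.100.7])\n"
    "\tby mx1.example.net (Postfix) with SMTP id 0F1E2D",
    "from mx2.example.net (mx2.example.net [203.0.113.25])\n"
    "\tby mx1.example.net (Postfix) with ESMTP id FAKE01")

if __name__ == "__main__":
    for name, m in (("direct", DIRECT), ("via backup", VIA_BACKUP),
                    ("forged", FORGED)):
        print(f"{name:11} via_backup={arrived_via_backup(m)} "
              f"score={adjusted_score(m, 3.0)}")
```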


Re: Spammers Target Secondary MX hosts?

Posted by qqqq <qq...@usermail.com>.
| One possibility is to list your primary again as the tertiary, possibly
| under a different name and/or IP address. Spammers that deliver in reverse
| MX order will still end up trying to deliver to your primary first.

I tried this and it resulted in mail loops when one of the servers was down.
I like the suggestion below better.

QQQQ

| You could also list a bogus server in IP "dark space" (ie. an address known
| to have no listening server) so that the spammer must first check the empty
| address first. Even better is when there's a host there that drops packets
| (no TCP reset or ICMP port unreachable reply) to port 25, so that the
| spammer must time out the TCP connection attempt.
|
|


Re: Spammers Target Secondary MX hosts?

Posted by Kenneth Porter <sh...@sewingwitch.com>.
--On Friday, March 18, 2005 3:17 PM +0100 Alexander Bochmann 
<ab...@lists.gxis.de> wrote:

> It surely doesn't make sense if the secondary MX is
> under your control, but there are many setups where
> the ISP or someone else runs a backup MX for his
> customer's domains as a service. With this configuration,
> the secondary MX will usually not know about valid users
> in the destination domain.
>
> Therefore it makes sense for the spammers to deliver
> mail to the secondary MX, as they can always claim
> that 100% of the mails have been successfully delivered.

One possibility is to list your primary again as the tertiary, possibly 
under a different name and/or IP address. Spammers that deliver in reverse 
MX order will still end up trying to deliver to your primary first.

You could also list a bogus server in IP "dark space" (ie. an address known 
to have no listening server) so that the spammer must first check the empty 
address first. Even better is when there's a host there that drops packets 
(no TCP reset or ICMP port unreachable reply) to port 25, so that the 
spammer must time out the TCP connection attempt.

Re: Spammers Target Secondary MX hosts?

Posted by Alexander Bochmann <ab...@lists.gxis.de>.
...on Fri, Mar 18, 2005 at 08:52:23AM -0500, Yang Xiao wrote:

 > On Fri, 18 Mar 2005 13:48:46 +0000, Duncan Hill <dh...@cricalix.net> wrote:
 > > In a large number of cases, the secondary MX is not configured to know the
 > > list of valid users etc, and may be configured to pass directly to the
 > > internal mail server, bypassing protections on the primary relay.
 > hm...I'd be interested to know what the percentage is like for this
 > kind of setting just to feed my curiosity, because it totally
 > doesn't make sense to me, it's like setting up a secondary firewall
 > with no blocking rules, what good is it?

It surely doesn't make sense if the secondary MX is 
under your control, but there are many setups where 
the ISP or someone else runs a backup MX for his 
customer's domains as a service. With this configuration, 
the secondary MX will usually not know about valid users 
in the destination domain.

Therefore it makes sense for the spammers to deliver 
mail to the secondary MX, as they can always claim 
that 100% of the mails have been successfully delivered.

Alex.


Re: Spammers Target Secondary MX hosts?

Posted by Yang Xiao <yx...@gmail.com>.
On Fri, 18 Mar 2005 13:48:46 +0000, Duncan Hill <dh...@cricalix.net> wrote:
> On Friday 18 March 2005 13:09, Yang Xiao typed:
> > Hi all,
> > I've been noticing it lately that almost 90% of emails come in through
> > our secondary MX host are spams, I just want to know if there's an
> > explanation for this, my guess is that the spammers spam the secondary
> > MX host intentionally for some reason I can't understand, maybe hoping
> > the secondary host will configured with less care?
> 
> In a large number of cases, the secondary MX is not configured to know the
> list of valid users etc, and may be configured to pass directly to the
> internal mail server, bypassing protections on the primary relay.

hm...I'd be interested to know what the percentage is like for this
kind of setting just to feed my curiosity, because it totally
doesn't make sense to me, it's like setting up a secondary firewall
with no blocking rules, what good is it?

Yang