Re: Centos 6 Sendmail backup MX Config

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, Feb 13, 2015 at 12:32 PM, Valeri Galtsev
<galtsev@xxxxxxxxxxxxxxxxx> wrote:
>
> I stated pure observation on at least two pairs of primary - backup MX I
> maintain. Still I made backup MXes with greylisting as well (they are
> separately hit by same bad spammers scripts, at a rate about 10 times
> smaller than primary MXes are and absolutely independently).

I think that's unusual - spammers often target the secondaries as a
preference on the premise that they are likely to not be as
well-configured as the primary.  But it has been a while since I ran
one so maybe things have changed.

>>> Still, it is good
>>> to have the same greylisting on backup MX. And all other blows and
>>> whistles.
>>
>> Greylisting would be kind of hard to do right.  You'd have to keep the
>> known-good senders in sync across the receivers.   But my bigger worry
>> would be a dictionary-type attack on user names as recipients if you
>> don't have access to the real user list on the secondary.
>
> With standard backup MX based on postix (with rather trivial
> configuration) you always do have list of legitimate recipients of primary
> MX on the secondary MX.

Doing greylisting right means you also have to keep the table of
already-known senders up to date and that may be very dynamic.

-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux