Milter-greylist

Hi,

I'd like to configure sendmail and milter-greylist, so that
sendmail listens to two different IP-address, but have
milter-greylist act on only one address.

Is this a sendmail/milter configuration issue. or should
this be handled inside the milter?

The reason for this setup is so I can have two MX
records for one mailserver, and only bother mail
that is sent to the MX with the lowest priority.

Spammers seem to prefer secondary mailservers
over primary ones; using milter-greylist on a
secondary MX only catches a lot of spam, without
bothering any legitimate mail.

Thanks,
Pim

Pim Zandbergen <P.Zandbergen@...> wrote:

> Spammers seem to prefer secondary mailservers
> over primary ones; using milter-greylist on a
> secondary MX only catches a lot of spam, without
> bothering any legitimate mail.

Last time I heard about that, I was given the following reason: 

regular mail prefer the primary MX, whereas spamware sends to any MX,
regardless of the priority. This leads to ham/spam ratio being lower on
secondary MX than on primary MX. But that does not mean spammers prefer
secondary MX. 

Has this changed over the time? What's the purpose of targetting the
secondary MX?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...

According to manu@...:
> 
> Last time I heard about that, I was given the following reason: 
> 
> regular mail prefer the primary MX, whereas spamware sends to any MX,
> regardless of the priority. This leads to ham/spam ratio being lower on
> secondary MX than on primary MX. But that does not mean spammers prefer
> secondary MX. 
> 
> Has this changed over the time? What's the purpose of targetting the
> secondary MX?

interesting questions.

My own experience is that it depends on the type of spam(mer)s. Some
prefer secondaries only, some prefer primaries, some try both.

Just had a look at one of my domains stats.
Around 75~80% hit the secondary MXs (and from those, only 10% max also
try the primary). The primary also get it's own load of (unique) spam
so I guess they are coming from different spam-tools.

And BTW, ~99.9% of the smtp cnx on the secondaries are spam, hopefully almost
all blocked.

My numbers (from m-greylist) may be a little bit off because I have so
many different anti-spam mechanisms running at the same time, some before
milter-greylist.

/Fabien

PZ> I'd like to configure sendmail and milter-greylist, so that
PZ> sendmail listens to two different IP-address, but have
PZ> milter-greylist act on only one address.
PZ> Is this a sendmail/milter configuration issue. or should
PZ> this be handled inside the milter?

I'd probably run two instances of sendmail, each for its own IP
address, with different sendmail.cfs given in command line...
Can't remember another solution.

To others: secondary MXes are often known to be less protected
from spam, that's why many spammers prefer to send to secondary
MX.

Best regards,
Denis Solovyov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

manu@... wrote on 21-8-2006 21:23:

> Has this changed over the time? What's the purpose of targetting the
> secondary MX?

Spammers assume the secondary MX has less defenses. They could be the
ISP's that offers fallback services to all its customers. A fallback
usually will not know all the addresses in a domain and accept anything
that is offered.

- --
Peter Peters, senior beheerder (Security)
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE6tW+elLo80lrIdIRAkHmAJ0THcR1kXsRE0G+DNScpg8hJpaf2QCfb6yS
AcCEMZa9Lhvv/dJxMa+NU/Y=
=qO8O
-----END PGP SIGNATURE-----

> PZ> I'd like to configure sendmail and milter-greylist, so that
> PZ> sendmail listens to two different IP-address, but have
> PZ> milter-greylist act on only one address.
> PZ> Is this a sendmail/milter configuration issue. or should
> PZ> this be handled inside the milter?
> 
> I'd probably run two instances of sendmail, each for its own IP
> address, with different sendmail.cfs given in command line...
> Can't remember another solution.

Sendmail looks to be able to tell milters the IP address of the local
side for each connection via ${daemon_addr}. If I am right, milters
can use it trivially. Alternatively, sendmail.cf hackers can write a
ruleset to define ${greylist} depending on ${daemon_addr}.

> To others: secondary MXes are often known to be less protected
> from spam, that's why many spammers prefer to send to secondary
> MX.

Another possible answer: primary MXes just reject mails to nonexistent
accounts but secondaries tend to bounce them. Spammers get the second
chance to deliver their mails.