Weird question
Scott Silva
ssilva at sgvwater.com
Tue Jul 3 00:44:53 IST 2007
Chuck Rock spake the following on 7/2/2007 1:14 PM:
> Excellent, I will test.
>
> Basically for the other guy, I had a mail server running MS and clamAV and
> SpamAssassin. All free stuff, works nice mostly.
>
> I purchased a Barracuda to "add" domains to with an extra fee for the
> expensive commercial spam filter.
>
> The final destination server is still the same. I just changed MX so only
> the Barracuda was listed.
>
> What I've found through experience though, servers will continue to send
> mail to the old MX record even though it doesn't exist. I still have servers
> receiving messages for domains we haven't hosted for years.
>
> To keep the spammers from bypassing the new Barracuda filter inserted in the
> mail flow, I must make the final destination server ignore messages from all
> other IPs for incoming mail destined for specific domains and only allow
> them from the new spam filter device IP.
>
> If any of you have a filter like this, and you haven't limited the old MX
> server from receiving mail from just any IP for the domain, spam is probably
> getting past your new filter.
>
None of my MXs will relay anything that they are not supposed to relay. If an
MX doesn't need to relay a domain anymore, it should reject it. You want to
reject at the first point of connection, or you have to bounce an NDR and take
a chance of being a joe-job relay.
In sendmail, you remove that domain from the relay_domains; I'm sure every
other MTA has the same feature. An MX should not blindly relay anything. If it
relays for one or a hundred domains, that is all it should be configured for.
Sure it is a little more work, but it doesn't get changed much.
--
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!
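
An added example, not part of the original messages: one way to check whether the destination server is still accepting mail that skipped the filter is to scan its sendmail log for messages to filtered domains whose connecting relay is not the filter device. The filter IP, the domain names and the log lines are constructed assumptions.

```python
import re
from ipaddress import ip_address

# Assumed for illustration: the filter's address and the domains behind it.
FILTER_IPS = {ip_address("192.0.2.10")}
PROTECTED_DOMAINS = {"example.com"}

# Constructed sendmail-style log lines, trimmed to the fields used here.
SAMPLE_LOG = """\
Jul  2 13:01:02 mail sendmail[2101]: l62K12aa002101: from=<a@sender.test>, size=1200, nrcpts=1, proto=ESMTP, daemon=MTA, relay=filter.example.com [192.0.2.10]
Jul  2 13:01:03 mail sendmail[2102]: l62K12aa002101: to=<bob@example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Jul  2 13:05:40 mail sendmail[2110]: l62K5ebb002110: from=<x@bulk.test>, size=900, nrcpts=2, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Jul  2 13:05:41 mail sendmail[2111]: l62K5ebb002110: to=<bob@example.com>,<amy@example.com>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Jul  2 13:09:10 mail sendmail[2120]: l62K9acc002120: from=<y@peer.test>, size=700, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.peer.test [198.51.100.5]
Jul  2 13:09:11 mail sendmail[2121]: l62K9acc002120: to=<carol@other.test>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
RELAY_IP = re.compile(r"relay=[^,]*?\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")

def find_bypasses(log_text):
    """Return (queue_id, source_ip, domain) for each message to a protected
    domain that was accepted from an address other than the filter."""
    sources = {}  # queue id -> connecting IP taken from the from= line
    hits = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if rest.startswith("from="):
            relay = RELAY_IP.search(rest)
            # Skip local submissions (no bracketed IP, or loopback).
            if relay and not ip_address(relay.group(1)).is_loopback:
                sources[qid] = ip_address(relay.group(1))
        elif rest.startswith("to=") and qid in sources:
            if sources[qid] in FILTER_IPS:
                continue
            recipients = rest.split(", ", 1)[0]  # e.g. "to=<a@x>,<b@y>"
            for domain in re.findall(r"@([A-Za-z0-9.-]+)", recipients):
                hit = (qid, str(sources[qid]), domain.lower())
                if domain.lower() in PROTECTED_DOMAINS and hit not in hits:
                    hits.append(hit)
    return hits

if __name__ == "__main__":
    for qid, ip, domain in find_bypasses(SAMPLE_LOG):
        print(f"{qid}: mail for {domain} accepted directly from {ip}")
```

Any hit means the destination server accepted mail for a filtered domain from a host other than the filter.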