
Question: how do you handle mail coming in via relays

I discovered a problem I'd like your opinions on.

Assume my external DNS entries look like

mydomain.com MX 10 mail.mydomain.com
mydomain.com MX 20 mail.myprovider.com

The first entry points to an Ironport, well protected. But the spammers know that, so they deliberately pick the second - the provider's sendmail. That accepts everything and tries to get it off to mail.mydomain.com. Of course, there will be a lot of unknown recipients, so the directory harvest protection kicks in and blocks. As a result, the queues fill up there with thousands of mails.

Now you could say: just drop all mail coming in that way. But of course I cannot. There might be the odd legitimate mail in there.

What now?

Option a) Accept all mail coming in from that host even if the recipient is invalid and drop it silently. Don't know how to do that. Apparently the listener cannot discriminate between connecting hosts.

Option b) get rid of that secondary MX. Won't help anyway, as it is always cluttered with junk.

Option c) host your own secondary MX. Ok if you have redundant connections as well. But not if you need a buffer for mails in case your connection is down.

Option d) pick a provider that offers Spam-protection. Well, what would I need the Ironport for then?

Share your thoughts. Give me a hint. Tell me the page in the manual I overlooked.

Cheers
Henrik


ironport99
Level 1

Create a sender group under the Host Access Table to cover the IP range of your provider's mail servers and then apply a mailflow policy with the DHAP set to an unlimited number of invalid recipients (in effect turns off DHAP for your provider's servers). The HAT is processed in the email pipeline before the LDAP acceptance. Once you have set that up - I would configure incoming relays to recognise your provider's mail servers so that the "real" host sender SBRS information can be used to determine spam messages more accurately.
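
What recognising an incoming relay amounts to, as an added sketch that is not part of the original thread and not IronPort's own code: when the connection comes from the provider's secondary MX, the IP to score for reputation is the first untrusted hop in the `Received` chain, not the relay itself. The relay range `192.0.2.0/28`, the function names and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: the provider's secondary MX relays from this range
# (a constructed documentation prefix, not a value from the thread).
TRUSTED_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_RELAYS)


def original_sender(connecting_ip, raw_message):
    """Return the IP whose reputation should be scored, or None if unknown."""
    ip = ipaddress.ip_address(connecting_ip)
    if not is_trusted(ip):
        return str(ip)  # delivered straight to the primary MX
    # Received headers are newest first. Only headers written by a trusted
    # relay are believable, so stop at the first untrusted hop and never
    # read past a header that cannot be parsed.
    for header in message_from_string(raw_message).get_all("Received", []):
        match = BRACKETED_IP.search(header)
        if match is None:
            return None
        try:
            hop = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None
        if not is_trusted(hop):
            return str(hop)
    return None


# Constructed sample: relayed by mail.myprovider.com; the lower Received
# line was supplied by the sender and must not be believed.
RELAYED = (
    "Received: from unknown (unknown [203.0.113.77])\n"
    "\tby mail.myprovider.com with ESMTP; Mon, 1 Jan 2024 00:00:00 +0000\n"
    "Received: from forged.example ([198.51.100.9]) by nowhere.example\n"
    "From: a@example.net\nTo: nobody@mydomain.com\nSubject: test\n\nbody\n"
)

if __name__ == "__main__":
    print(original_sender("192.0.2.5", RELAYED))      # relayed via provider
    print(original_sender("198.51.100.20", RELAYED))  # direct connection
```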

Do I get a chance to use the LDAP-query results nonetheless? Via a message-filter, maybe? Apparently not. But that is what I'd need. Let all messages from these provider hosts in, check the recipients and drop all to non-existing recipients silently.

Thanks
Henrik

ironport99
Level 1

Henrik,

You will still be doing LDAP acceptance from your provider, just not stopping DHA. To achieve what you want the only way I can think is to move the LDAP acceptance to the work queue for your listener - or set up a separate listener that only your provider relays to that has LDAP acceptance in the work queue rather than the SMTP conversation.

I feared that. Thanks nonetheless. I cannot set up a different listener, though. And I'd rather reject mail in the SMTP-dialogue. Would be nice if we had the result of the LDAP-query for a filter. Well, I'll try to find something else then.

Henrik

I'd just get rid of the secondary MX.

If your link goes down - there's not much difference between your provider collecting the mail and the originating mail server queuing it for you.

Getting rid of the secondary MX will also improve the performance of the ironport as you can use Senderbase more effectively.

Donald Nash
Level 3

Tminchin is right, just get rid of the secondary MX. It really doesn't do you any good. We did so years ago and have been much happier for it.

That is what I was recommending in the first place. Thanks for supporting me there.

Cheers
Henrik
