[Greylist-users] question about multiple mx

Ricardo Kirkner ricardo at fcen.uba.ar
Wed Jan 28 07:14:13 PST 2004


What happens when you have multiple MX for a domain (for example if you
have several levels of backup relays)?

Assume the following scenario:

a.domain.com	IN	MX	mx1.domain.com
a.domain.com	IN	MX	relay1.otherdomain.com
a.domain.com	IN	MX	relay2.anotherdomain.com

you have greylisting installed in mx1.domain.com only, because you don't
have controll over the relays.

When you send a new mail to the a.domain.com domain, the greylisting
machine tempfails that mail, so the mailer tries the next MX in the list
(i.e. relay1.otherdomain.com) which accepts the mail.

Then, the relay1.otherdomain.com machine delivers the mail to the
mx1.domain.com machine which will go through since we are being
delivered from a known relay.

So, now I have an open relay for spammers to go. That's not pretty.

How can I prevent this? I need to have those relays as a backup measure,
but I cannot afford to turn them into open relays for spammers.

BTW, if I don't whitelist those relays, it is only a matter of time for
them to get whitelisted automatically, since they will retry until the
greylisting filter lets them through, so not whitelisting my relays is
not a solution here.

I hope that someone can answer this for me

With regards

Ricardo Kirkner

More information about the Greylist-users mailing list