[Greylist-users] question about multiple mx
ricardo at fcen.uba.ar
Wed Jan 28 07:14:13 PST 2004
What happens when you have multiple MX for a domain (for example if you
have several levels of backup relays)?
Assume the following scenario:
a.domain.com IN MX mx1.domain.com
a.domain.com IN MX relay1.otherdomain.com
a.domain.com IN MX relay2.anotherdomain.com
you have greylisting installed in mx1.domain.com only, because you don't
have controll over the relays.
When you send a new mail to the a.domain.com domain, the greylisting
machine tempfails that mail, so the mailer tries the next MX in the list
(i.e. relay1.otherdomain.com) which accepts the mail.
Then, the relay1.otherdomain.com machine delivers the mail to the
mx1.domain.com machine which will go through since we are being
delivered from a known relay.
So, now I have an open relay for spammers to go. That's not pretty.
How can I prevent this? I need to have those relays as a backup measure,
but I cannot afford to turn them into open relays for spammers.
BTW, if I don't whitelist those relays, it is only a matter of time for
them to get whitelisted automatically, since they will retry until the
greylisting filter lets them through, so not whitelisting my relays is
not a solution here.
I hope that someone can answer this for me
More information about the Greylist-users