This is a discussion on Re: fake MX records - SpamAssassin ; -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kshatriya schrieb: > On Tue, 14 Aug 2007, ram wrote: > >> The page says the primary MX should not be accepting connections at all. >> Has anyone else tried this , will this ...
-----BEGIN PGP SIGNED MESSAGE-----
> On Tue, 14 Aug 2007, ram wrote:
>> The page says the primary MX should not be accepting connections at all.
>> Has anyone else tried this , will this cause delay in my mail
> It almost doesn't work anymore. Better try adaptive greylisting, with
> some whitelists so you don't notice too much of delays.
fake mx do work, but dont expect to much, as most of the
bots learned to come again to defend greylisting , they also
learned fake mx.
you will have a delay with fake mx but its very small.
In my case i was bombed with connects and fake mx
reduced them about 10 percent , i think these are very old spam bot
variants who still agressing against my very old three letter domain.
I would say fake mx are nice to have , but its not a must have in
antispam these days,
I included reject_unknown_reverse_client_hostname
in my postfix ,this, it seems is very efficient , in my case,i noticed
to block spam mail in early client stage.
Also fail2ban does a good job with dictionary attacks,
for sure you should have all other recommended
antispam settings like reject_unknown_sender_domain etc
including greylisting, policy_weight, spf, dkim
in your mail server.
Mit freundlichen Gruessen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----