  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 407

Exchange Server, GFI Mail Essentials and DNS headaches

Hi Guys,

Here is the situation. I have Exchange 2003, GFI Mail Essentials 10.0 and a new dedicated web server using Plesk 7.

I have mapped the DNS to point the MX pref 10 to my Exchange server (let's say 192.192.192.192). I then set up another MX record pref 25 to point to the webserver (10.10.10.10). I also set up a catch-all mailbox on the webserver (pref 25).

The idea is, if my local broadband goes down and Exchange loses communication, pref 25 (offsite webserver 10.10.10.10) will become the primary MX and collect all mail to my domain. Then, the POP connector that comes with GFI can either use dial-up and pop the webserver catch-all address or pop it once the broadband is back online and download the mail into Exchange, at which point it will be processed for spam, etc. and placed for pickup.

I have double-checked the MX records and all appears to be OK, but somehow MX 25 seems to be catching all of the mis-addressed mail. For example xyz@mydomain.com where xyz does not exist. I suppose it could be catching other mail too but I don't know for sure. It sure looks like it's all spam to me.

So, any ideas what I am doing wrong? It has to be something I'm not doing properly but I'll be damned if I can find it.

Any help or advice would be greatly appreciated. Thanks in advance.
Asked by: Cymru1
1 Solution
 
Sembee Commented:
Nope it isn't you.
A usual spammer trick is to send email to a higher cost MX record. Their theory is that the main MX record will have all the spam protection on it and the backup will not. The spammers think that using the secondary MX record gives a better chance of their message getting through.

Simon.
0
 
Cymru1 (Author) Commented:
How is it possible for them to choose an MX to send to? I didn't think you could control the MX you use to send mail to? FYI, this server has only been live for under 24 hours. Thanks.
0
 
Sembee Commented:
MX information is public.
They probably have some kind of script that does the MX record then uses the second MX record instead of the first.

As with many of the things that cause problems on the Internet, spam, spyware, viruses etc - the people who write them are very talented and if they put their skills to good use then they could probably do some good.

Simon.
0
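Added example, not part of the original thread: a defender-side check for the behaviour described above. It labels each delivery seen on the pref 25 host by whether the pref 10 host was actually down at that time and whether the recipient exists. The host names, outage window, log format and addresses are all constructed assumptions.

```python
from datetime import datetime

# Constructed MX set mirroring the question: pref 10 = Exchange, pref 25 = offsite catch-all.
MX_RECORDS = [(25, "backup.example.com"), (10, "exchange.example.com")]

# Constructed outage windows for the primary MX (e.g. taken from uptime monitoring).
PRIMARY_OUTAGES = [("2024-05-01 02:00", "2024-05-01 03:30")]

# Constructed delivery log from the backup MX: date, time, sender IP, recipient.
BACKUP_LOG = """\
2024-05-01 01:10 203.0.113.7 xyz@example.com
2024-05-01 02:15 198.51.100.4 sales@example.com
2024-05-01 02:40 203.0.113.9 qwerty@example.com
2024-05-01 09:05 203.0.113.7 info@example.com
"""

# Constructed list of mailboxes that really exist on the Exchange server.
VALID_RECIPIENTS = {"sales@example.com", "info@example.com"}

FMT = "%Y-%m-%d %H:%M"

def delivery_order(records):
    """Order a standards-following sender tries hosts in: lowest preference first."""
    return [host for _, host in sorted(records)]

def primary_was_down(ts, outages=PRIMARY_OUTAGES):
    """True if the timestamp falls inside a known primary outage window."""
    return any(datetime.strptime(start, FMT) <= ts <= datetime.strptime(end, FMT)
               for start, end in outages)

def classify(log=BACKUP_LOG):
    """Label every backup-MX delivery as expected failover or a bypass of the primary."""
    results = []
    for line in log.splitlines():
        date, time, ip, rcpt = line.split()
        ts = datetime.strptime(f"{date} {time}", FMT)
        label = "expected-failover" if primary_was_down(ts) else "bypassed-primary"
        if rcpt.lower() not in VALID_RECIPIENTS:
            label += "+unknown-recipient"
        results.append((ip, rcpt, label))
    return results

if __name__ == "__main__":
    print("compliant order:", delivery_order(MX_RECORDS))
    for row in classify():
        print(*row)
```

A "bypassed-primary" label is a heuristic: a legitimate sender can also fall back to the backup if it briefly could not reach the primary from its own network.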
