• Status: Solved

Spammers using my backup mx service to bypass spam filtering

I am running Exchange Server 2003 SP2. I am using a backup MX service my ISP offers; please see my MX records below. The problem I am having is that spammers are sending their email through the backup MX server instead of directly to my server, so when the spam finally ends up getting forwarded from the backup MX server to my email server, it seems that both RBL checks and domain validation checks are failing on these spam messages. For now I have blocked all email from the backup MX server by using connection filtering in Exchange and blocking the MX server's IP address. What can I do to defeat this workaround that the spammers are using to bypass some of my spam filtering in Exchange?

nslookup -q=mx
mydomain.com    MX preference = 20, mail exchanger = relay1.sea.eschelon.com
mydomain.com    MX preference = 10, mail exchanger = mail.mydomain.com
Asked:
DMS-X
2 Solutions
 
Sembee Commented:
That is a common spammer's method. The reason they are doing it is because it usually bypasses the checks.
If your antispam strategy relies on connection filtering controls then you only have one option - remove the second MX record.

Simon.
 
DMS-X (Author) Commented:
What about if I were to smart host my email server through my ISP instead? How would this affect my spam filtering methods in Exchange?
 
Sembee Commented:
A smart host is for outbound email, so any changes in that aspect would have no effect on inbound email.

Simon.
 
Donnie4572 Commented:
Always... a spam filter is needed per MX record...
If you remove your secondary record, you could use a router and assign a cost on the routes between the two boxes. Or, an SMTP server at the gateway to receive inbound mail.

Depending on the time it takes to update your MX record on your public DNS server, you could make the change there manually in the event the primary mail server is down.

It is not that big of a deal for inbound mail because most mail servers will queue the message if your server is down.

Donnie
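
Added example (not part of the original thread, and not Exchange's own logic): a sketch of why a connection-level RBL check on relayed mail only ever tests the backup MX's address, and how a filter that reads Received headers can recover the address the relay accepted the message from. Assumptions: 192.0.2.25 stands in for the backup MX's IP, dnsbl.example.net for the blocklist zone, and the sample message is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Assumptions: 192.0.2.25 stands in for the backup MX's address and
# dnsbl.example.net for the blocklist zone; both are placeholders.
TRUSTED_RELAYS = {ipaddress.ip_address("192.0.2.25")}
DNSBL_ZONE = "dnsbl.example.net"
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: newest Received header first, as the primary server sees it.
SAMPLE = (
    "Received: from relay1.sea.eschelon.com ([192.0.2.25])\n"
    "\tby mail.mydomain.com; Mon, 01 Jan 2007 10:00:02 +0000\n"
    "Received: from unknown ([203.0.113.77])\n"
    "\tby relay1.sea.eschelon.com; Mon, 01 Jan 2007 10:00:01 +0000\n"
    "Received: from localhost ([198.51.100.9])\n"
    "\tby forged.example; Mon, 01 Jan 2007 09:59:00 +0000\n"
    "Subject: constructed test message\n\nbody\n"
)

def peer_ip(received):
    """IP the writing server recorded for its peer, from the 'from' clause only."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    match = BRACKET_IP.search(from_clause)
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # bracketed text that is not a valid address
        return None

def effective_source(raw_message, connecting_ip):
    """Address a blocklist check should test, or None if it cannot be established."""
    ip = ipaddress.ip_address(connecting_ip)
    if ip not in TRUSTED_RELAYS:
        return ip  # delivered directly: the connecting address is the sender
    # A header whose peer is a trusted relay vouches for the header below it;
    # anything below the first untrusted peer is sender-controlled and ignored.
    for received in message_from_string(raw_message).get_all("Received", []):
        hop = peer_ip(received)
        if hop not in TRUSTED_RELAYS:
            return hop  # first address outside the trust boundary (None if unparsable)
    return None

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone
```

For the sample, a check keyed on the connecting address tests 192.0.2.25 (the relay), while the header walk yields 203.0.113.77; the third, sender-supplied header is never consulted.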