Solved

SPAM coming in direct or through secondary MX?

Posted on 2008-10-07
Last Modified: 2012-05-05
I have been doing some reading about spam and secondary MXs recently. We currently use our ISP's backup MX service, simply because we are a small business at one location and we don't have backup mail servers. I'm told that often spammers will send to the second MX in order to bypass the spam checking on the main mail server. Our mail server is an Exchange 2003 SP2 (under SBS 2003) box.

So the questions I have are:

1.  Why would sending to the secondary MX allow spammers to evade spam filters?  The backup MX server eventually has to send those e-mails to the main server, so wouldn't the main server just filter the incoming e-mails at that point, regardless of the source?

2.  How do I tell which e-mails came through the secondary MX and which came in directly to primary?  I'd like to check to see if we are actually receiving any e-mail through our secondary MX on a regular basis.

Any insight on this would be much appreciated.
Question by:I_play_with_DNA
10 Comments
 
LVL 5

Assisted Solution

by:ccns
ccns earned 300 total points
ID: 22664461
As long as your Exchange/mail server has some sort of email filtering, it will be stopped, regardless of which MX the spammers send the emails on.
0
 
LVL 5

Expert Comment

by:ccns
ID: 22664465
I recommend Symantec's SEP and Mail Security for Microsoft Exchange.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22666776
Please read the following links - I am sure this would answer every bit of your doubts.

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm
http://www.msexchange.org/tutorials/Blacklist_Support_Exchange_2003.html
http://www.msexchange.org/tutorials/MF005.html

If you still have doubts over spamming / relaying - go ahead and post them here. :)
0
 
LVL 19

Expert Comment

by:bevhost
ID: 22667687
Is your secondary MX capable of the error message "Unknown User or Mailbox"?  
or does it blindly accept anything addressed to your domain?

When you bounce these, then they probably are spam and you just bounced them back to some poor person who had their email address forged.  It would have been better to refuse to accept the message in the first place.

Secondary MX servers are good for extremely high load situations or if you have a dial up link and aren't online all the time.

Remember the Sending MTA has a queue and will store the message anyway if you go down for a day or so.
So you really don't need them to be queued at the ISP.  Why would it make any difference whether the sender queues it or your ISP queues it?

Secondary MX is also very good if you have two internet links.

0
 

Author Comment

by:I_play_with_DNA
ID: 22667769
@bevhost

I would assume the secondary MX accepts everything addressed to the domain.  The secondary MX is controlled by our ISP, so they would have no access to our user lists in order to validate e-mails.
0
 

Author Comment

by:I_play_with_DNA
ID: 22667794
@Exchange geek

Those articles really don't address anything asked in my questions.
0
 
LVL 33

Expert Comment

by:Exchange_Geek
ID: 22667836
I have provided those articles which talk in detail about how to control spam and relay. Also, if the secondary MX is accepting those emails - how are they forwarding those emails to your Exchange server? Via firewall / SMTP gateway or directly?
0
 

Author Comment

by:I_play_with_DNA
ID: 22668170
@Exchange geek

I think it must be via SMTP gateway since the secondary MX is not part of our network.  It's been a long time since I've had to administer an e-mail server, but I'm pretty sure this is correct.
0
 
LVL 19

Accepted Solution

by:
bevhost earned 600 total points
ID: 22674245
I have a postfix server which acts as the only MX for downstream exchange servers and it CAN do Unknown user Errors.

See
http://www.postfix.org/ADDRESS_VERIFICATION_README.html

It uses a scheme called address verification, where it connects to the primary server to find out if a user exists if it has never been seen before.  So Secondary MX servers can have access to user lists to verify emails.

So far as Exchange servers are concerned, I haven't found the built-in tools very good at stopping spam, so I generally don't have any MX records pointing directly at them, in favour of a front end server with better anti-spam controls.
0
 
LVL 33

Assisted Solution

by:Exchange_Geek
Exchange_Geek earned 600 total points
ID: 22676408
@bevhost:

I agree fighting with spam is best done by an "other" server rather than Exchange - even though Exchange 2003 IMF is built with anti-spam features - it is not the best in the world - hence having an SMTP gateway / front-end box / firewall is the best configuration to receive (in other words MX records) / send emails (smart host setting).
0
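For question 2 in the original post, one way to tell the two paths apart is to read the `Received` header the primary server stamps on each message and check which host connected to it. This is an added example, not code from any poster in this thread; the primary's name, the backup MX address and the sample messages are constructed assumptions to replace with your own values.

```python
import re
from collections import Counter
from email import message_from_string

PRIMARY = "mail.example.com"       # assumed: name the primary stamps after "by"
BACKUP_MX_IPS = {"203.0.113.25"}   # assumed: address of the ISP's backup MX

_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)
_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def ingress_path(raw, primary=PRIMARY, backup_ips=BACKUP_MX_IPS):
    """Return 'secondary', 'direct' or 'unknown' for one raw message."""
    msg = message_from_string(raw)
    # Received headers are prepended, so the first one stamped by the
    # primary is the hop our own server recorded; headers below it were
    # supplied by the connecting host and are not used for the decision.
    for hdr in msg.get_all("Received", []):
        text = " ".join(str(hdr).split())       # unfold continuation lines
        by = _BY.search(text)
        if not by or by.group(1).lower() != primary.lower():
            continue
        peer = _IP.search(text[:by.start()])    # connecting IP in the from-clause
        if peer is None:
            return "unknown"
        return "secondary" if peer.group(1) in backup_ips else "direct"
    return "unknown"

def tally(messages):
    """Count ingress paths over an iterable of raw messages."""
    return Counter(ingress_path(m) for m in messages)

# Constructed sample messages (not real traffic).
VIA_BACKUP = """\
Received: from mx2.isp.example ([203.0.113.25]) by mail.example.com
 with ESMTP; Tue, 7 Oct 2008 10:02:11 +0000
Received: from sender.invalid ([198.51.100.7]) by mx2.isp.example
 with ESMTP; Tue, 7 Oct 2008 10:02:05 +0000
Subject: relayed by the backup MX

body
"""
DIRECT = """\
Received: from sender.invalid ([198.51.100.7]) by mail.example.com
 with ESMTP; Tue, 7 Oct 2008 11:15:40 +0000
Subject: delivered straight to the primary

body
"""

if __name__ == "__main__":
    print(tally([VIA_BACKUP, DIRECT, "Subject: no trace\n\nbody\n"]))
```

Matching on the connecting IP rather than the name after `from` matters because that name is whatever the peer announced in HELO/EHLO.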
