
Stopping Spam entry through lower priority MX records

INTRO:

I have a SonicWall email filter, which I am very happy with.  I accept mail for several domains, which pass through the SonicWall filter and then are forwarded to the mailboxes which are hosted by Intermedia.

Intermedia's Spam filters don't do the job for my clients and me as well as the SonicWall does.

Because my SonicWall is in my office, I am at the mercy of my ISP and Power company. I was fortunate that I only lost Internet service for 16 hours during the Northeast's early snowstorm of October.

My MX records are set up as follows:

5   my SonicWall
10 First Intermedia Server
20 Second Intermedia Server
30 My SonicWall (again)

I put my SonicWall in twice, because SonicWall advised me that many Spammers send email to the lowest priority mail exchanger because they assume that the highest priority has the best anti-spam protection.

So, if my Internet goes out, the email will be delivered to Intermedia, which I have configured with relaxed Anti-Spam settings - I discovered that Intermedia's more sensitive settings produce more false positives than SonicWall.

PROBLEM:
Spammers are sending email directly to the lower priority Intermedia servers, and my clients are getting too much junk.

I would like to figure out how I can best filter mail through a device with the quality of a SonicWall should MY SonicWall go out.

SOLUTIONS?

I thought that I could:

co-locate a second SonicWall somewhere that won't be subject to service outages, and have that SonicWall forward mail after filtering.

Partner with another SonicWall user.

Find a Spam Blocking service equal to SonicWall

OR - do something else I'm not yet aware exists.
-----

Thanks

Larry

Network Administrator, Network Consultant
Top Expert 2011
Commented:
You create a new MX record with higher priority (i.e., lower number) than the ISP's mail server (you could also just delete the MX record pointing to ISP's mail server). You can however leave the ISP mail server in place, with a lower priority MX record and leave the POP3 connector running. This will serve as a bit of a backup mail server – first attempt goes to your Exchange (direct). If that's not available, email will flow to ISP. When your server is up again the POP3 connector will download anything that went to your ISP.

I'd recommend some kind of hosted mail filtering though – so that the only mail that reaches Exchange is 'clean'. Exchange won't be bogged down filtering bucketloads of SPAM daily.

I don't know what the normal ratio is but a client with 150 users has about 20,000 SPAM emails filtered from their incoming mail daily.

In that scenario you then just point your MX record to Trend Micro's incoming filter servers, which in turn then forward on to your Exchange box. This has the added benefit of caching your mail in the case that your server is down.
Maen Abu-Tabanjeh
Network Administrator, Network Consultant
Top Expert 2011

Commented:
I forgot to mention that I'd recommend some kind of hosted mail filtering though – so that the only mail that reaches Exchange is 'clean'. Exchange won't be bogged down filtering bucketloads of SPAM daily.

Author

Commented:
I didn't really need the POP3 connector setup. That's not part of my email setup.

The key to this solution is to use Trend Micro's Hosted Email Security. I had tried to use Google's, but on the first pass I didn't easily find a setting that would forward email for me. I then went to Trend Micro.

Very important - Trend Micro will forward mail to a FQDN - it doesn't have to be an IP address.

So now, I plan to set up the DNS with MX records as follows:

10 - My Sonicwall, then all mail forwarded to Intermedia
20 - TrendMicro, with all mail forwarded to FQDN of Intermedia

If my SonicWall is down, the mail will still be filtered until I get the device online again.
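
As an added example (not part of the original thread), this Python sketch audits a set of MX records for delivery paths that reach the mailbox provider without passing through a filter, comparing the original four-record layout with the revised two-record one. All hostnames and the set of filtering hosts are constructed placeholders.

```python
import re

# Constructed zone-file lines modelled on the two layouts in this thread.
# All hostnames are placeholders, not the poster's real records.
ORIGINAL = """
example.test. 3600 IN MX 5  sonicwall.example.test.
example.test. 3600 IN MX 10 mx1.mailhost.example.
example.test. 3600 IN MX 20 mx2.mailhost.example.
example.test. 3600 IN MX 30 sonicwall.example.test.
"""
REVISED = """
example.test. 3600 IN MX 10 sonicwall.example.test.
example.test. 3600 IN MX 20 in.hostedfilter.example.
"""
# Assumption: these hosts filter mail and then forward it to the mailbox provider.
FILTERS = {"sonicwall.example.test", "in.hostedfilter.example"}

MX_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?MX\s+(\d+)\s+(\S+)\s*$", re.I)

def parse_mx(zone_text):
    """Return [(preference, host)] sorted by preference, lowest number first."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        m = MX_RE.match(line)
        if m:
            records.append((int(m.group(2)), m.group(3).rstrip(".").lower()))
    return sorted(records)

def unfiltered_paths(zone_text, filters):
    """MX targets that accept mail without passing through a filtering host."""
    return [(pref, host) for pref, host in parse_mx(zone_text)
            if host not in filters]

def audit(zone_text, filters):
    """Summarise the MX set; 'ok' is True only if every MX is a filter."""
    bypass = unfiltered_paths(zone_text, filters)
    return {"mx": parse_mx(zone_text), "bypass": bypass, "ok": not bypass}

if __name__ == "__main__":
    for name, zone in (("original", ORIGINAL), ("revised", REVISED)):
        result = audit(zone, FILTERS)
        print(name, "OK" if result["ok"] else f"BYPASS via {result['bypass']}")
```

Any sender can connect to any published MX regardless of its preference value, so the audit treats every non-filtering MX target as a bypass rather than only the lowest-priority one.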
Maen Abu-Tabanjeh
Network Administrator, Network Consultant
Top Expert 2011

Commented:
OK computerlarry... wish you good luck