anti-spam settings and MX records...
  •  
derek_500

Hi

We are using KMS 6.4. In the Spam settings we activated Spam Repellent - SMTP Greeting Delay of 25 seconds. I've been analyzing the spam messages we still receive and I was getting ready to block an IP address when I figured out that the IP address most of our spam comes from is our ISP's email relay, which is listed as a secondary MX for us. I spoke with our ISP about this (it was configured this way before I started administering the email server). This is a standard practice for them in case our internet connection were to go down; they would queue up all of our mail for us. In our case, I think the spam that is not getting the response it desires because of our 25 second delay, instead delivers to the secondary MX (our ISP) and then gets delivered from the relay successfully with the delay.

How are other people configuring their MX records? Our ISP suggested we could remove them as a secondary in our MX record, but warns that messages may fail should our connection go down. I'm thinking that even if our connection were to go down, most sending email servers have a queue that will just try again.

Is there a common practice to follow here? Would we be better off with NO secondary MX? How are most folks configured about this?

Thanks
-Derek
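The check described in the post above, sketched as an added example (not part of the original post, and not Kerio code): tally how many stored spam messages were handed over by the secondary MX relay rather than by the sender directly. The relay address, hostnames and sample messages are constructed, and the sketch assumes the receiving server writes the peer IP in square brackets in the topmost Received header.

```python
import re
from collections import Counter
from email import message_from_string

# Assumption: address of the ISP relay listed as secondary MX (documentation range).
BACKUP_MX_IPS = {"192.0.2.25"}

# Peer address as many MTAs record it in a Received header: "from name ([a.b.c.d])".
PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def delivering_ip(raw_message):
    """Return the IP that handed the message to our own server, or None."""
    received = message_from_string(raw_message).get_all("Received") or []
    if not received:
        return None
    # Each hop prepends its header, so the first one was written by our server.
    # Lower Received headers are supplied by the sender side and are not trusted.
    match = PEER_IP.search(received[0])
    return match.group(1) if match else None

def delivery_paths(raw_messages):
    """Count messages that came through the backup MX versus directly."""
    paths = Counter()
    for raw in raw_messages:
        ip = delivering_ip(raw)
        if ip is None:
            paths["unknown"] += 1
        elif ip in BACKUP_MX_IPS:
            paths["via_backup_mx"] += 1
        else:
            paths["direct"] += 1
    return paths

# Constructed sample messages (hostnames and addresses are placeholders).
SAMPLES = [
    "Received: from relay.isp.example ([192.0.2.25]) by mail.example.com\n"
    "Received: from unknown ([203.0.113.9]) by relay.isp.example\n"
    "Subject: sample 1\n\nbody\n",
    "Received: from relay.isp.example ([192.0.2.25]) by mail.example.com\n"
    "Subject: sample 2\n\nbody\n",
    "Received: from host.example.net ([198.51.100.40]) by mail.example.com\n"
    "Subject: sample 3\n\nbody\n",
    "Subject: sample 4 (no Received header)\n\nbody\n",
]

if __name__ == "__main__":
    for path, count in delivery_paths(SAMPLES).most_common():
        print(f"{path}: {count}")
```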
  •  
tpalmer

As always, it depends :)

Personally and for the servers I admin, I see no reason for a secondary. Sending servers will queue, generally for a couple of days, but that's highly variable. But there is something to be said for senders getting notification that their message didn't go through, rather than thinking it did when it's really sitting in your secondary's queue. If you have no secondary, mail might not get through if you are down long enough, but the sender will know their messages didn't get through. Is that a good or a bad thing? Depends...

The "depends" part is really a business question. But not having a secondary will certainly cut one popular spam path out.
  •  
sedell

I would have to agree. We don't have a secondary either. Sending mail servers usually queue mail they can't deliver for at least 24-48 hours. Since the mail store on Kerio isn't replicated with the secondary, the only purpose the secondary performs is to queue mail temporarily, which the sending mail server is already doing. About the only time a secondary mail server is useful is when you know you're going to be down for a prolonged period of time, and want to capture all of that mail without it expiring in sending mail server queues. Then you run into the issue of senders possibly not being notified that mail is delayed or non-deliverable.

As you're finding out, secondaries also make the setup a bit more complicated, especially with spam filtering. Blacklists and some other spam filtering techniques won't work on mail coming from the secondary. That leaves you with either none, or limited spam filtering on mail coming from your backup mail server. You could go through the trouble of maintaining the same spam filtering settings on multiple machines, possibly running different technologies, but that's difficult, and not always an option. I've also seen spam intentionally sent to the secondary or backup mail servers hoping it will bypass the filtering on the primary server.

You also tend to generate a lot of NDRs from the secondary mail server since it usually accepts all mail for the given domain, only bouncing once it tries to deliver to your primary.

Scott
  •  
tpalmer

sedell wrote on Thu, 06 September 2007 19:43:
> I've also seen spam intentionally sent to the secondary or backup mail servers hoping it will bypass the filtering on the primary server.

... In their millions - secondary MXs are primary targets.
  •  
derek_500

Well, thanks to all for your advice. We did remove the secondary MX last week and it seems like our spam intake has cut down somewhat. I noticed that our security logs are now loaded with stuff like this:
[11/Sep/2007 09:43:10] SMTP Spam attack detected from 218.111.222.153, client closed connection before SMTP greeting
[11/Sep/2007 09:43:10] SMTP Spam attack detected from 88.233.127.229, client closed connection before SMTP greeting
[11/Sep/2007 09:43:11] SMTP Spam attack detected from 80.42.232.244, client closed connection before SMTP greeting
[11/Sep/2007 09:43:12] SMTP Spam attack detected from 218.111.222.153, client closed connection before SMTP greeting

By the thousands. I sure hope it's working.

What's considered a reasonable amount of time for the delay? Right now we have the SMTP greeting delay at 25 seconds. I just hope we're not missing any legitimate email...

Thanks again
-Derek
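One way to answer the "is it working, and are we dropping legitimate mail" question from the security log itself, as an added example that is not part of the original post: parse entries in the format quoted above, count early disconnects per source and per minute, and flag any source that is on a list of mail servers you know to be legitimate. The log lines and the known-sender list are constructed and use documentation IP ranges.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the security-log entry format quoted in the post above.
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] SMTP Spam attack detected from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}), "
    r"client closed connection before SMTP greeting$"
)

# Assumption: servers of partners you expect mail from (hypothetical list).
KNOWN_SENDERS = {"198.51.100.7"}

# Constructed log excerpt; the last line is a non-matching entry.
SAMPLE_LOG = """\
[11/Sep/2007 09:43:10] SMTP Spam attack detected from 203.0.113.5, client closed connection before SMTP greeting
[11/Sep/2007 09:43:10] SMTP Spam attack detected from 203.0.113.77, client closed connection before SMTP greeting
[11/Sep/2007 09:43:11] SMTP Spam attack detected from 203.0.113.5, client closed connection before SMTP greeting
[11/Sep/2007 09:44:02] SMTP Spam attack detected from 198.51.100.7, client closed connection before SMTP greeting
[11/Sep/2007 09:44:05] unrelated entry (constructed)
"""

def parse(log_text):
    """Return (timestamp, ip) for every early-disconnect entry."""
    events = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%d/%b/%Y %H:%M:%S")
            events.append((ts, m.group("ip")))
    return events

def summarize(events, known_senders):
    """Counts per source and per minute, plus known senders that gave up early."""
    per_ip = Counter(ip for _, ip in events)
    per_minute = Counter(ts.strftime("%H:%M") for ts, _ in events)
    # A known sender here means the delay may be too long for that server.
    false_positive_candidates = sorted(ip for ip in per_ip if ip in known_senders)
    return per_ip, per_minute, false_positive_candidates

if __name__ == "__main__":
    per_ip, per_minute, candidates = summarize(parse(SAMPLE_LOG), KNOWN_SENDERS)
    print("top sources:", per_ip.most_common(3))
    print("per minute:", dict(per_minute))
    print("known senders that disconnected early:", candidates)
```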
  •  
freakinvibe

I think some SMTP RFC says that a sending mail server must wait at least 30 seconds for getting an SMTP greeting, so you should be fine with 25 seconds. I have set mine to 19 seconds to also catch mail servers that have their timeout set to 20 seconds. Still catches a lot of spam.

Anyhow, legal senders will get an error message back, if they can't get their mail to you.

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
Pavel Dobry (Kerio)

An SMTP client must wait up to 5 minutes for the initial greeting. Anyway, it does not make sense to use values higher than 30-45 seconds because SpamRepellent efficiency is not better and you may expect delays in email delivery.