This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum



~Karl Eknuplopoopsi 4.Feb.03 09:30 AM Lotus Notes
Domino Server 6.0 Windows 2000


In order to try and automate, at least partially, the sort of analysis of mail blocking, an example of which you can see here, I have added some event monitors to my monitoring configuration. These grab events relevant to mail blocking and write them to a .nsf made with the statistics reporting template.

A side effect of this is that the stats are recorded categorised by server, which is not a factor I have considered explicitly before now. This has highlighted an interesting, if not very surprising (to me) phenomenon:

The DNS for most of my Internet domains is set up with two MX records. These have different preferences, so that inbound mail is normally handled by one Domino host (the one with a lower MX preference) and is only handled by the other (with a higher MX preference) when either:
  • the preferred host is down for some reason (which it hardly ever is) OR
  • the preferred host is so busy that it cannot accept any new inbound SMTP connections (again, a very rare scenario)

In the ordinary run of things, I would therefore expect to see very few SMTP connections to my non-preferred Domino host.

In fact, what my event monitor has trapped is this:
  • There are far more attempts to use my non-preferred MX than the availability of my preferred MX would indicate.
  • Nearly every attempt, circa 94% of them, to deliver mail via my non-preferred MX is denied by one means or another (block lists, policy rejections).
  • By contrast, a high proportion, but relatively far fewer, are rejected by my preferred MX - only 48%.

The blocking policies are identical on both Domino hosts. What this indicates is what I have long suspected, i.e. that:
  • spammers either deliberately choose higher preference mail exchangers OR
  • they exhaustively try all mail exchangers rather than giving up after the first rejection
  • ... probably both of these depending on the spammer

This is possibly because many sites that use multiple MXes have different policies (or even different MTA software) running on each of them, so a message rejected by the preferred MX can often be delivered by deliberately routing via a higher preference mail exchanger.

The moral is clear:
  • If you run multiple MXes for your organisation, enforce a consistent policy across all of them, OR
  • Run only a single MX (Domino servers are pretty reliable, so you won't have much down time and remote senders will always retry if they cannot contact your MX), AND
  • Do not rely on your ISP to provide a fail-safe backup MX for your domains - they will inevitably have a far weaker policy and spam that would otherwise be blocked will get through.
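
The per-server comparison described in the post above, as an added example that is not part of the original post: it tallies rejection rates per MX host and flags a backup MX that sees more traffic, or rejects more of it, than the preferred host's availability would explain. The record layout, host names, thresholds and sample rows are constructed assumptions, not Domino log output.

```python
import csv
import io
from collections import defaultdict

# Constructed sample events (not real Domino log output): one row per inbound
# SMTP connection attempt, in the hypothetical form server,outcome,reason.
SAMPLE_EVENTS = """\
mx1.example.org,accepted,
mx1.example.org,rejected,dnsbl
mx1.example.org,accepted,
mx1.example.org,rejected,policy
mx2.example.org,rejected,dnsbl
mx2.example.org,rejected,dnsbl
mx2.example.org,rejected,policy
mx2.example.org,accepted,
mx2.example.org,rejected,dnsbl
"""

def rejection_stats(text):
    """Return {server: {"total": n, "rejected": n, "rate": float}}."""
    counts = defaultdict(lambda: {"total": 0, "rejected": 0})
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:          # skip blank or malformed rows
            continue
        server, outcome, _reason = row
        counts[server]["total"] += 1
        counts[server]["rejected"] += outcome == "rejected"
    return {s: {**c, "rate": c["rejected"] / c["total"]} for s, c in counts.items()}

def backup_mx_findings(stats, preferred, preferred_uptime=0.99, margin=0.2):
    """Flag non-preferred MX hosts whose share of connections exceeds the
    preferred host's assumed downtime, or whose rejection rate is higher
    than the preferred host's by more than `margin`."""
    all_total = sum(c["total"] for c in stats.values())
    findings = []
    for server, c in sorted(stats.items()):
        if server == preferred:
            continue
        share = c["total"] / all_total
        if share > 1 - preferred_uptime:
            findings.append((server, "traffic-share", round(share, 2)))
        if c["rate"] - stats[preferred]["rate"] > margin:
            findings.append((server, "rejection-rate", round(c["rate"], 2)))
    return findings

if __name__ == "__main__":
    stats = rejection_stats(SAMPLE_EVENTS)
    for server, c in sorted(stats.items()):
        print(f"{server}: {c['rejected']}/{c['total']} rejected ({c['rate']:.0%})")
    print(backup_mx_findings(stats, preferred="mx1.example.org"))
```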





FYI: About spam and MX preferences (~Kelly Zekwebur... 4.Feb.03)
. . RE: FYI: About spam and MX preferen... (~Evelyn Opkikon... 4.Feb.03)
. . . . RE: FYI: About spam and MX preferen... (~Kelly Zekwebur... 5.Feb.03)
. . RE: FYI: About spam and MX preferen... (~Sanjay Bregero... 4.Feb.03)
. . . . Sure (~Karl Eknuplopo... 4.Feb.03)
. . . . . . RE: Sure (~Sanjay Bregero... 5.Feb.03)




