Greylisted messages sent thru backup MX server..
Question asked by michael~ - May 5, 2016 at 7:48 AM
Answered
Hello --
TLDR; what's the correct way to config a backup mail service in SmarterMail?
 
We use an external backup mail service in case our local mail server ever goes down for maintenance or internet troubles etc. At one point early on, I noticed that legitimate messages routed thru those servers were being rejected (I can't recall why), so I added the backup MX server IPs to the Antispam -> Bypass Gateways page.  But now I'm seeing that messages will get greylisted by Smartermail, then immediately get sent to the backup MX server and immediately delivered.. in fact, the bulk of our incoming mail is coming from those backup mail servers.
 
I'm wondering what is the correct way to configure this setup?  Where should I place those MX IPs?
Thank you
-- michael~

8 Replies

0
michael~ Replied
Really?  nothing?  No one else uses a backup MX service?  ...bummer.
1
Jeff Knapp Replied
I added the IP addresses of my third-party filter/backup MX to the greylisting filter and that allowed things to pass unfettered.
 
Security > Greylisting > Filters TAB > Add Filter
0
michael~ Replied
Thanks for the reply, Jeff.  
 
My problem, tho, is that senders seem to be bypassing the greylisting.  They send to my primary MX IP, and when they receive the greylist-fail response, they immediately send to my secondary MX IP (the backup mail service), ignoring the "send again in x seconds" delay.  I'm assuming since the secondary MX IP is in the Bypass Gateways list, Smartermail is just letting the message go straight thru.
 
I'm not looking to bypass greylisting for the backup mail service.  Rather, if a message is greylisted when sent to the primary MX IP, Smartermail should recognize the same message coming into the secondary MX IP and reply with another "send again in x seconds" response.  Maybe I should try to remove the secondary IPs from Bypass Gateways and see how the messages fail. I had it set like that originally, but can't recall exactly why messages weren't coming thru the backup server.  much confuse.
0
michael~ Replied
As an example, this is exactly what's happening, about 400 times daily.. 
 
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 220 mail.mycomp.com
[2016.05.10] 01:37:33 [64.34.57.227][54368814] connected at 5/10/2016 1:37:33 AM
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: EHLO mx-a1.sailthru.com
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 250-mail.mycomp.com Hello [64.34.57.227]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: MAIL FROM:<delivery@mx.sailthru.com> BODY=8BITMIME
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 250 OK <delivery@mx.sailthru.com> Sender ok
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: RCPT TO:<user@mycomp.com>
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 451 Greylisted, please try again in 60 seconds
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: QUIT
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 221 Service closing transmission channel
[2016.05.10] 01:37:33 [64.34.57.227][54368814] disconnected at 5/10/2016 1:37:33 AM
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 220 mail.mycomp.com
[2016.05.10] 01:37:34 [208.94.147.129][31524250] connected at 5/10/2016 1:37:34 AM
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: EHLO mx2.dnsmadeeasy.com
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 250-mail.mycomp.com Hello [208.94.147.129]250-SIZE 52428800250-AUTH CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: MAIL FROM:<delivery@mx.sailthru.com> SIZE=44919 BODY=8BITMIME
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 250 OK <delivery@mx.sailthru.com> Sender ok
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: RCPT TO:<user@mycomp.com>
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 250 OK <user@mycomp.com> Recipient ok
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: DATA
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 250 OK
[2016.05.10] 01:37:34 [208.94.147.129][31524250] Data transfer succeeded, writing mail to 125389707.eml
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: QUIT
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 221 Service closing transmission channel
[2016.05.10] 01:37:34 [208.94.147.129][31524250] disconnected at 5/10/2016 1:37:34 AM
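Added example, not from the thread or from SmarterMail: a small Python script that folds SmarterMail SMTP log lines like the ones above into per-session records and flags a message that got a 451 greylist response on the primary MX and was then accepted from a Bypass Gateway IP before the 60-second retry delay had elapsed. The sample log is constructed from the lines above, and BACKUP_MX_IPS is an assumed list of the backup MX addresses.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the two sessions from the post, trimmed to the lines that matter.
SAMPLE_LOG = """\
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: EHLO mx-a1.sailthru.com
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: MAIL FROM:<delivery@mx.sailthru.com> BODY=8BITMIME
[2016.05.10] 01:37:33 [64.34.57.227][54368814] cmd: RCPT TO:<user@mycomp.com>
[2016.05.10] 01:37:33 [64.34.57.227][54368814] rsp: 451 Greylisted, please try again in 60 seconds
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: EHLO mx2.dnsmadeeasy.com
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: MAIL FROM:<delivery@mx.sailthru.com> SIZE=44919 BODY=8BITMIME
[2016.05.10] 01:37:34 [208.94.147.129][31524250] cmd: RCPT TO:<user@mycomp.com>
[2016.05.10] 01:37:34 [208.94.147.129][31524250] rsp: 250 OK <user@mycomp.com> Recipient ok
[2016.05.10] 01:37:34 [208.94.147.129][31524250] Data transfer succeeded, writing mail to 125389707.eml
"""
BACKUP_MX_IPS = {"208.94.147.129"}  # assumption: the IPs listed under Bypass Gateways
LINE_RE = re.compile(r"^\[(\d{4}\.\d{2}\.\d{2})\] (\d{2}:\d{2}:\d{2}) \[([\d.]+)\]\[(\d+)\] (.*)$")

def parse_sessions(text):
    """Fold log lines into one record per SMTP session id (the second bracketed number)."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        date, time, ip, sid, msg = m.groups()
        when = datetime.strptime(f"{date} {time}", "%Y.%m.%d %H:%M:%S")
        s = sessions.setdefault(sid, {"ip": ip, "when": when, "sender": None, "rcpt": None,
                                      "greylisted": False, "accepted": False})
        if msg.startswith("cmd: MAIL FROM:"):
            s["sender"] = msg.split("<", 1)[1].split(">", 1)[0].lower()
        elif msg.startswith("cmd: RCPT TO:"):
            s["rcpt"] = msg.split("<", 1)[1].split(">", 1)[0].lower()
        elif msg.startswith("rsp: 451") and "Greylisted" in msg:
            s["greylisted"] = True
        elif msg.startswith("Data transfer succeeded"):
            s["accepted"] = True
    return list(sessions.values())

def find_bypasses(sessions, backup_ips, window=timedelta(seconds=60)):
    """Return (sender, rcpt, gap_seconds) for each message greylisted on the primary MX and then
    accepted from a backup MX IP before the retry delay had passed."""
    hits = []
    greylisted = [s for s in sessions if s["greylisted"]]
    for acc in sessions:
        if not (acc["accepted"] and acc["ip"] in backup_ips):
            continue
        for g in greylisted:
            gap = acc["when"] - g["when"]
            if (g["sender"], g["rcpt"]) == (acc["sender"], acc["rcpt"]) and timedelta(0) <= gap < window:
                hits.append((acc["sender"], acc["rcpt"], int(gap.total_seconds())))
    return hits

if __name__ == "__main__":
    for hit in find_bypasses(parse_sessions(SAMPLE_LOG), BACKUP_MX_IPS):
        print("greylist bypassed via backup MX:", hit)
```

Counting hits over a day's log gives the "about 400 times daily" figure directly, and an empty result after the backup MX records are removed confirms the fix took.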
1
Jeff Knapp Replied
Marked As Answer
The short answer is don't list any MX records you don't want people using.  You can't force a server which MX to use.  Spammers will often use higher MX records than the lowest in an effort to avoid detection.
 
We use junkemailfilter.com as our upstream provider - they'll spool/forward our mail and clean it as well, so my local MX is not in the public DNS - all mail shoots to the filter server and then the filter server talks to SmarterMail.  They've got the infrastructure to not go down, so we treat them like our primary MX, even tho they don't really store any mail for us.
0
michael~ Replied
This makes me wonder - what's the catch? Seems that service essentially removes 90% of the need to do local spam-checking in Smartermail.. Plus, offers a backup mail service to boot. Soo.. why aren't they the most popular service in the email industry??
0
Jeff Knapp Replied
Got me. I love 'em. They're like $500/year for the amount of volume we use and I can bill it back to the clients who still want their own server (as opposed to those who went to Gmail or O365).

I initially heard of them via Dvorak plugging them on This Week in Tech eons ago ("I Get No Spam") and never looked back. I still keep the SM servers updated with Bruce's best practices, but SM isn't getting too much to deal with - but they do get a smidge.
0
michael~ Replied
Sure enough!   It's been a while, but I finally got to deleting the backup mail service (removing their MX records and dropping them from my Bypass Gateways list).  I did that Friday morning and by Saturday *poof* spam is gone!  Makes me wonder if I accidentally broke something, because.. really?!  From an average of 600/day to nothing?!  I'm just waiting for people to start yelling about legit mail not coming thru for some reason.. hah!  pessimist me.
