Intermediate SMTP server (exim), how to handle backscatter

Tags: exim, smtp

I have a dedicated Ubuntu Lucid box at a hosting provider that is my backup MX (running exim4 4.71-3ubuntu1.4) for domains that I have configured on an Exchange 2007 server on my LAN. So my Exim server is the relay, and if my Exchange server or ISP connection goes down, the Exim server caches it all up and will relay it to me when everything is back up.

So the problem is that my Exim server accepts all addresses @mydomain.com whether they're valid or not, and then when my Exchange server rejects email based on bogus sender, spammy content, or whatever, the Exim server is stuck in the middle holding the bounce. Of course spammers don't use valid sender addresses, so now my Exim server's queue is all junked up with backscatter bounces that it can't deliver.

(In the past, I've used the :fail: alias to fail delivery to non-existent users outright, but since this guy is an intermediate hop, he doesn't know anything about which mailboxes are valid and which are not.)

So, what do I do about it?

  1. Just ignore it and the messages will eventually time out and be dropped? Could this be deleterious to my IP's spam reputation?
  2. Figure out a way to TCP/IP proxy the mail connection directly from my hosted server to my Exchange server (thus eliminating the backup cache feature?)?
  3. Put spamassassin on my hosted server to block the majority of spam during the initial connection, thus rejecting the email outright, thus no NDRs?
  4. Something else that I haven't thought of?

Any suggestions for accomplishing this are greatly appreciated. Thanks.

Best Answer

IMHO, your best option is using an exim/spamassassin combination, configured to reject mail at SMTP time (i.e. before accepting it) to mitigate backscatter.

Add in some RBL whitelisting/blacklisting to refuse or (better?) greylist inbound mail at connection time.

This should be sufficient to reduce the queue size.

There's lots of info on how to configure exim+spamassassin; as a start, take a look here.
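
The SMTP-time rejection described in the answer, as an added Exim configuration example that is not part of the original answer. It assumes an Exim build with content scanning (exim4-daemon-heavy on Ubuntu), spamd listening on 127.0.0.1 port 783, zen.spamhaus.org as the DNS list and a threshold of 8.0 points, and it uses upstream single-file syntax rather than the Debian split configuration.

```exim
# --- main section ---
# Domain the backup MX relays for (mydomain.com is the question's placeholder).
domainlist relay_to_domains = mydomain.com

# Assumed spamd location; adjust to where SpamAssassin's daemon listens.
spamd_address = 127.0.0.1 783

acl_smtp_rcpt = acl_check_rcpt
acl_smtp_data = acl_check_data

begin acl

acl_check_rcpt:
  # Mail injected locally (no remote host) skips the checks.
  accept hosts = :

  # Refuse DNSBL-listed clients at RCPT time, before any message is
  # accepted. The sending server keeps the message, so no bounce is
  # ever generated on this host. The list name is an example choice.
  deny   message  = $sender_host_address is listed in $dnslist_domain
         dnslists = zen.spamhaus.org

  # Relay only for our own domains; everything else is refused.
  accept domains  = +relay_to_domains
  deny   message  = relay not permitted

acl_check_data:
  # Do not scan very large messages (size limit is an assumption).
  accept condition = ${if >{$message_size}{256K}}

  # Scan during DATA and answer 5xx if the score is too high.
  # "nobody:true" makes the spam condition always succeed so the score
  # variables are set; $spam_score_int is the score multiplied by 10,
  # so 80 means 8.0 points. Because the rejection happens inside the
  # SMTP session, this host never queues the message and never has to
  # send an NDR to a forged sender.
  deny   message   = Rejected as spam ($spam_score points)
         spam      = nobody:true
         condition = ${if >{$spam_score_int}{80}}

  accept
```

Backscatter only stops for messages this relay refuses itself, so the threshold here needs to be at least as strict as the filtering on the Exchange server behind it.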
