Koozali.org: home of the SME Server

primary &secondary mail server used as mail relay for sp

chris burnat
  • http://www.burnat.com
« on: August 25, 2005, 04:50:53 AM »
I have noticed an increased amount of spam with a score of zero, or at best one, coming through on a couple of busy systems.  Messages are just plain text, no giveaway.  The originating IP addresses change all the time.  However, I noticed that ALL of the spam passes through the primary or secondary backup server.

Systems are 6.01 mail servers with valid MX records. Two backup mail servers are provided by a local ISP:

/usr/local/bin/dnsmx mydomain.com
10 mail.mydomain.com
50 mail.my-backupmailserver1.com
60 mail.my-backupmailserver2.com

The ISP providing the backup servers says nothing can be done on his side, short of subscribing to his antispam service at $3.50 per email address per month... Not sure how to deal with this, any advice would be greatly appreciated.
chris

Here is a sample header:

Received: (qmail 17768 invoked by alias); 24 Aug 2005 21:01:47 -0000
Delivered-To: alias-localdelivery-john@mydomain.com
Received: (qmail 17748 invoked by alias); 24 Aug 2005 21:01:47 -0000
Delivered-To: ggpp@mail.mydomain.com
Received: (qmail 17744 invoked by alias); 24 Aug 2005 21:01:47 -0000
Delivered-To: alias-localdelivery-ggpp@mydomain.com
Received: (qmail 17683 invoked from network); 24 Aug 2005 21:01:40 -0000
X-Scanned-By: amavis-ng-0.1.6 powered by CLAMD H+bedv on mydomain.com
Received: from mail.my-backupmailserver1.com (203.xxx.yyy.zzz)
  by mail.mydomain.com (203.aaa.bbb.ccc) with ESMTP; 24 Aug 2005 21:01:37 -0000
Received: from moped2.org ([222.64.180.149])
   by mail.my-backupmailserver1.com (8.12.8/8.12.8) with SMTP id j7OL1QqU009720;
   Thu, 25 Aug 2005 07:01:34 +1000
Message-ID: <17380907.EFCA2AC@moped2.org>
Date: Wed, 24 Aug 2005 14:50:58 -0300
Reply-To: "monroe rossman" <kaikeaila@moped2.org>
From: "monroe rossman" <kaikeaila@moped2.org>
User-Agent: The Bat! (v1.52f) Business
MIME-Version: 1.0
To: "" <ggpp@mydomain.com>
Cc: <jjss@mydomain.com>
Subject:  ashley
Content-Type: text/plain;
   charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on mail.mydomain.com
X-Spam-Status: No, score=0.1 required=3.0 tests=BAYES_50,RCVD_IN_SBL
   autolearn=no version=3.0.4
X-Spam-Level:
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.
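To make the pattern described in this post measurable on the server, here is an added Python example (not code from the post, from SME Server or from SpamAssassin) that walks the Received: chain of the quoted header newest hop first and reports the first hop that was not handed over by one of our own relays. That hop is the one the primary's connection-time checks never see when the message arrives via a backup MX, because the primary only ever talks to the backup. The trusted relay list is assumed from the dnsmx output above; the header sample is the one quoted in the post, trimmed, with the poster's masked addresses left as masked.

```python
import re

# Sample taken from the header quoted in the post above (trimmed). The
# 203.xxx.yyy.zzz style addresses are the poster's own masking, kept as-is.
SAMPLE_HEADERS = """Received: (qmail 17768 invoked by alias); 24 Aug 2005 21:01:47 -0000
Delivered-To: alias-localdelivery-john@mydomain.com
Received: (qmail 17683 invoked from network); 24 Aug 2005 21:01:40 -0000
Received: from mail.my-backupmailserver1.com (203.xxx.yyy.zzz)
  by mail.mydomain.com (203.aaa.bbb.ccc) with ESMTP; 24 Aug 2005 21:01:37 -0000
Received: from moped2.org ([222.64.180.149])
   by mail.my-backupmailserver1.com (8.12.8/8.12.8) with SMTP id j7OL1QqU009720;
   Thu, 25 Aug 2005 07:01:34 +1000
Subject:  ashley
"""

# Assumed from the dnsmx output in the post: our primary MX plus the ISP's backups.
PRIMARY_MX = "mail.mydomain.com"
BACKUP_MX = {"mail.my-backupmailserver1.com", "mail.my-backupmailserver2.com"}
TRUSTED_RELAYS = {PRIMARY_MX} | BACKUP_MX

# "from <host> (<comment>) by <host>"; the comment usually carries the client IP.
RECEIVED_FROM = re.compile(r"^from\s+(\S+)(?:\s*\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def unfold(headers):
    """Join folded continuation lines and return (name, value) pairs in order."""
    fields = []
    for line in headers.splitlines():
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            fields.append((name.strip().lower(), value.strip()))
    return fields


def received_hops(headers):
    """Return SMTP hops newest-first as dicts with 'from', 'ip' and 'by' keys."""
    hops = []
    for name, value in unfold(headers):
        if name != "received":
            continue
        m = RECEIVED_FROM.match(value)
        if not m:
            # qmail's local "(qmail ... invoked by alias)" lines carry no SMTP client.
            continue
        from_host, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
        ipm = IPV4.search(comment)
        hops.append({"from": from_host.lower(),
                     "ip": ipm.group(1) if ipm else None,
                     "by": by_host.lower()})
    return hops


def originating_hop(headers, trusted=TRUSTED_RELAYS):
    """First hop (newest-first) whose sender is not one of our relays: the point
    where the message crossed into the servers we control."""
    for hop in received_hops(headers):
        if hop["from"] not in trusted:
            return hop
    return None


def entered_via_backup(headers, backups=BACKUP_MX):
    """Name of the backup MX that accepted the message from the outside world,
    or None if the primary accepted it directly (or the chain is unparseable)."""
    hop = originating_hop(headers)
    if hop and hop["by"] in backups:
        return hop["by"]
    return None


if __name__ == "__main__":
    hop = originating_hop(SAMPLE_HEADERS)
    print("origin:", hop["from"], hop["ip"], "accepted by", hop["by"])
    print("entered via backup:", entered_via_backup(SAMPLE_HEADERS))
```

Run over a mailbox, `entered_via_backup` gives the share of messages that reached the primary through the ISP's backups rather than directly, which is the figure to compare against the spam rate before deciding whether the backups earn their keep. SpamAssassin performs the same relay walk itself, controlled by the `trusted_networks` setting in local.cf, so listing the backup MX hosts there is what lets it apply its RCVD_IN_* checks to the hop before the backup rather than to the backup's own address.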

CharlieBrady
Re: primary &secondary mail server used as mail relay fo
« Reply #1 on: August 25, 2005, 09:45:31 PM »
Quote from: "burnat"
I have noticed an increased amount of spam with a score of zero, or at best one, coming through on a couple of busy systems.


Yep, spammers are learning to get around our defenses.

Quote

  Messages are just plain text, no giveaway.  The originating IP addresses change all the time.


Until Windows becomes more secure, they'll be able to relay via as many zombie systems as they need.

Quote

  However, I noticed that ALL of the spam passes through the primary or secondary backup server.

Systems are 6.01 mail servers with valid MX records. Two backup mail servers are provided by a local ISP:

/usr/local/bin/dnsmx mydomain.com
10 mail.mydomain.com
50 mail.my-backupmailserver1.com
60 mail.my-backupmailserver2.com

The ISP providing the backup servers says nothing can be done on his side, short of subscribing to his antispam service at $3.50 per email address per month... Not sure how to deal with this, any advice would be greatly appreciated.


You do have another option which is to have no backup mail servers.