I have our spam filter as the primary MX entry and 216.217.139.56 is one of my secondary MX backup mail servers.  I have the backup servers configured to hold mail if the spam filter is not reachable and to attempt delivery later.

correct me if I'm wrong, but does the following log entry indicate the spam filter is blocking traffic from the backup?  I have looked and the IP address is not in my IP Blacklist.

02/02/06 10:38:06:892 -- (2316) Connection from: 216.217.139.56  -  Originating country : United States
02/02/06 10:38:06:892 -- (2316) IP is in local blacklist cache. Disconnecting: 216.217.139.56

 

I think you are close to understanding my configuration, but from your reply either I am misinterpreting or you are missing part of my configuration.  Let me try again:

95% of our hosted domains have e-mail configured as:

10 mx spamfilter.webconnectivityllc.com
20 mx mail2.webconnectivityllc.com
30 mx mail3.webconnectivityllc.com

mail2 and mail3 queue messages and only forward them to spamfilter when it is available.  Spamfilter forwards legitimate messages to the "real" mail server: mail.webconnectivityllc.com

no messages should ever be directly delivered to mail.webconnectivityllc.com.

if I put the IP addresses in the IP white list are those messages never filtered and would go through or does the IP address in the list simply tell the spam filter to always accept connections from these IP's and continue filtering?

 

Derk,

Before we reply, let me pre-say the following:

SpamFilter needs to see the original IP of the sender when receiving emails, otherwise many of the DNS-based tests will fail. For example, if you're using the SPF filter, SpamFilter will reject the email unless it comes from a very specific server(s) as specified in their SPF DNS records. So if instead that email is processed by another server on your network, and then delivered to SpamFilter, the email will be rejected as your server is not authorized to send the email on behalf of the sender.

This said, from your first post, it seems as if your secondary MX server at 216.217.139.56 is forwarding emails to SpamFilter:

02/02/06 10:38:06:892 -- (2316) Connection from: 216.217.139.56  -  Originating country : United States

in this case, SpamFilter will eventually block email from your secondary. This can happen if you're using the SPF filter (and please note that SpamFilter *should* block such emails, as the SPF standard is purposely created to forbid unauthorized servers to send email on someone's behalf), or also for example if you're using the SURBL filter that scans email for blacklisted URL. After SpamFilter blcoks your secondary MX a few times (3 times within 10 minutes by default) it will add its IP to a local IP blacklist cache, and will block any further connection attempts for an hour (by default).

The IP blacklist cache has a setting in the SpamFilter.ini file (DoNotAddIPToHoneypot) where you can add, separated by commas, the IP addresses of "trusted servers" that you do not wish to be automatically blacklisted.

Please note however that we recommend reconfiguring all your servers on the MX records so that they forward emails to your "real" mail server, *not* to SpamFilter, as many legitimate emails will be blocked, unless you disable in SpamFilter the SPF filter.

LogSat wrote: Dan, You are absolutely correct, any servers listed there will *not* be neither "honypotted" nor will be listed in the cache.

Roberto,

This is actually good news as I was using the setting that way and ASSUMING it was as you state!