
Return of the backup MX host

Last year I wrote about the death of the backup mx host for my domains. In the arms race against spam, I've found a very helpful tool allowing the return of my backup MX hosts.

Recapping the history, one of my domains has been under a persistent SMTP dictionary attack for over a year. I get 3-10 emails a second with guessed destination email addresses. Sendmail on the primary MX host is rather efficient at rejecting these so the only real effect is my 200MB of email logs a day. However, spammers often target the backup MX host since they usually have less spam filtering. Last year, the attack took down my backup MX host. The backup host will kindly accept a message for any username in the appropriate domain. Then, it will try to deliver them to the primary MX host. If the primary MX host rejects the username as invalid, the backup MX host tries to send a reject message back to the sender. This breaks down when the sender is a spam zombie that is not running an SMTP server. The backup MX host queues the reject message while it attempts redelivery for a number of days. My backup MX host had 500,000 reject messages in its queue before the load average became too great.

A great piece of software fixes this problem. SnertSoft's no-cost milter-ahead sendmail filter handles this sort of attack very well. The author is very responsive. I found only one issue with the software: it wouldn't compile or run on AMD64 platforms [typical issue of the C long type varying between 32 and 64-bit platforms]. In just a few hours, the author updated his code and milter-ahead is now running very well on my Debian AMD64 servers.

milter-ahead runs on a gateway or backup mail server and checks the RCPT during the SMTP connection with a designated MX host. If that "look-ahead" host is down, milter-ahead will accept any email, which is the right thing to do. If the designated host is up, then milter-ahead can do one of several things. But its primary use is to query the designated host and verify that the recipient address is valid. If it is not, then the milter rejects the RCPT and avoids queueing the message. If the recipient is valid, then milter-ahead allows the backup MX host to accept the message for forwarding.
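The look-ahead decision described above, sketched as an added example (this is not milter-ahead's code). The function names, the `example.org` addresses and the constructed reply table are assumptions, as is the choice to pass a 4xx reply through as a temporary failure, which the post does not specify.

```python
import smtplib

ACCEPT, REJECT, TEMPFAIL = "accept", "reject", "tempfail"

def probe_rcpt(host, rcpt, port=25, timeout=10):
    """Return the look-ahead host's reply code to RCPT TO, or None when the
    host cannot be reached or the probe cannot be completed."""
    code = None
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.helo()
            # Null sender: the probe stops after RCPT, no DATA is ever sent.
            if smtp.mail("")[0] == 250:
                code = smtp.rcpt(rcpt)[0]
    except (OSError, smtplib.SMTPException):
        pass  # host down or connection dropped: keep whatever we learned
    return code

def verdict(code):
    """Map the look-ahead reply to what the backup MX tells its own client."""
    if code is None:
        return ACCEPT    # look-ahead host down: accept and queue (per the post)
    if 200 <= code < 300:
        return ACCEPT    # recipient exists: accept for forwarding
    if 500 <= code < 600:
        return REJECT    # unknown recipient: refuse RCPT, nothing is queued
    return TEMPFAIL      # assumption: pass a 4xx through as a temporary failure

def call_ahead(rcpt, probe):
    """probe is any callable rcpt -> reply code or None (probe_rcpt when live)."""
    return verdict(probe(rcpt))

# Constructed replies standing in for a primary MX at the hypothetical
# domain example.org; None models the primary being unreachable.
SAMPLE_REPLIES = {"alice@example.org": 250, "aaron1@example.org": 550,
                  "bob@example.org": 451, "carol@example.org": None}

if __name__ == "__main__":
    for addr in SAMPLE_REPLIES:
        print(addr, "->", call_ahead(addr, SAMPLE_REPLIES.get))
```

Because the rejection happens at RCPT time, the backup host never takes responsibility for the message, so there is no bounce to queue for an unreachable sender.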

Now that my backup MX host won't be queueing email for invalid email addresses, I've brought that system back online. If you're running a gateway or backup mail server, you'll likely find milter-ahead a useful tool.

Comments (5)

It appears that milter-ahead is not free anymore. milter-ahead and milter-sender are now 90 Euros and 250 Euros respectively. That's unfortunate, but I can see why the author did it given what they do. But for my personal mail host, I'm not about to shell out that much coin on a milter. Wonder if anyone else has a similar milter around.

phe4321:

Apparently Milter-Ahead isn't "no cost" anymore. It's 90.00€ now.

Derek:

milter-ahead is no longer free. Have you found a free alternative, or have you bought a license?

alex:

Found this, looks to be a free alternative:
http://puszcza.gnu.org.ua/projects/mailfromd/

Kostantinos:

SMF-SAV also does call ahead:
http://smfs.sourceforge.net/smf-sav.html


About

This page contains a single entry from the blog posted on August 28, 2005 10:19 AM.


Creative Commons License
This weblog is licensed under a Creative Commons License.