We have a unique setup at my work. All of the webhosting appliances have built-in spam-filtering software. However, we have external spam-filtering appliances that are 99% more effective. It makes sense to keep CPU-intensive spam filtering off of the webhosting servers, which should be focusing their efforts on serving up PHP and MySQL queries.
It seems spammers are getting more and more savvy (or should I say desperate?) and have developed several means to bypass spam filters. One of these, which seems to be getting more popular lately, is to completely ignore a domain’s MX records and deliver spam directly to the website’s IP address. Against most virtual hosting and some dedicated hosting setups using an external or 3rd party spam-filtering service, this can be quite effective. Lately it has been plaguing several of our clients, who are reporting an increase in spam but cannot find copies of it in the spam filter interface.
To make a long story short, I was able to coerce Exim into rejecting these direct delivery attempts.
Log into WHM and click “Exim Configuration Editor”
Then click “Advanced Editor”
Add the following to the empty box at the top:
domainlist relay_domains = lsearch;/etc/secondarymx
Now we need to tell Exim to be nice to our spam-filtering appliances (don’t reject the clean mail coming in from them) by adding a list of their IPs to /etc/alwaysrelay.
Restart Exim, done!
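To find out which accepted messages skipped the filtering appliances, or to confirm that none do once the change is live, the following added example (not part of the original post) scans Exim main-log arrival lines and reports SMTP arrivals from hosts that are not in the appliance list. It assumes Exim's default log line layout, an /etc/alwaysrelay with one IP address or CIDR per line, and that authenticated customer submissions carry an A= field; the function names and sample data are constructed for illustration.

```python
import ipaddress
import re

# Remote host field of an Exim arrival line: H=name (helo) [ip]
# Name and helo are optional; only the final bracketed value is the peer IP.
HOST_RE = re.compile(r"\sH=(?:\S+ )?(?:\(\S*\) )?\[([0-9A-Fa-f:.]+)\]")

def load_relay_networks(text):
    """Parse alwaysrelay-style content (assumed: one IP or CIDR per line)."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def direct_deliveries(log_lines, relay_nets):
    """Return (message_id, ip) for SMTP arrivals that bypassed the filters."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5 or parts[3] != "<=":
            continue  # not a message-arrival line
        if " A=" in line:
            continue  # authenticated customer submission, not inbound MX mail
        m = HOST_RE.search(line)
        if not m:
            continue  # local submission, no remote host recorded
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address, ignore the line
        if ip.is_loopback:
            continue
        if any(n.version == ip.version and ip in n for n in relay_nets):
            continue  # came through a spam-filtering appliance
        hits.append((parts[2], str(ip)))
    return hits

# Constructed sample data (documentation address ranges, made-up message ids).
SAMPLE_RELAY = "192.0.2.10\n192.0.2.11\n"
SAMPLE_LOG = [
    "2024-05-01 10:00:01 1s1AbC-0001Xy-2Z <= alice@example.org H=filter1.example.net [192.0.2.10] P=esmtps S=2310",
    "2024-05-01 10:00:07 1s1AbD-0001Yz-3A <= promo@example.com H=(mail) [203.0.113.77] P=esmtp S=5120",
    "2024-05-01 10:00:09 1s1AbE-0001Za-4B <= bob@example.org H=([198.51.100.4]) [198.51.100.4] P=esmtpsa A=dovecot_login:bob@example.org S=901",
    "2024-05-01 10:00:12 1s1AbF-0001Zb-5C <= www@host.example.org U=www P=local S=640",
]

if __name__ == "__main__":
    for msg_id, ip in direct_deliveries(SAMPLE_LOG, load_relay_networks(SAMPLE_RELAY)):
        print(f"direct delivery: {msg_id} from {ip}")
```

On a cPanel server the real inputs would be the contents of /etc/alwaysrelay and the lines of /var/log/exim_mainlog.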
Thanks for this tip! I’ve been looking all over for something that would help with stopping spammers targeting our server’s IP address. Does this line in the configuration cause direct connection attempts to look at the secondary MX record? Or does it merely cause the spam to be dropped? Thanks!