Rick Moen via luv-talk wrote:
Quoting Andrew McGlashan (andrew.mcglashan@affinityvision.com.au):
Many would say that about not having a backup MX, but anyway, guess we beg to differ on this one.
I've never known any third authoritative nameserver to be directly usable by spammers to cause a domain to DoS itself (which you may recall my saying is exactly what often happens with a backup MX).
I think I already mentioned null-mx and tarpit anti-spam techniques upthread, but I'll say it again: example.org IN MX 10 null-mx.example.org example.org IN MX 20 mail.example.org example.org IN MX 30 tarbaby.junkemailfilter.com null-mx should not listen on 25 at all -- this means you'll need a second public IP address. I don't actually know who operates tarbaby.junkemailfilter.com; it's a teergrube and I've been using it forever. For paranoia reasons I should probably host the equivalent in-house, but I have been too lazy to do so, so far. It appears to be this thing: http://wiki.junkemailfilter.com/index.php/Project_tarbaby