Weblogs for medwayman
In a nutshell by making your primary MX always unavailable, real MTA's will just move on to the secondary, but the fire-and-forget Spam aimed at your primary will never even get a connection, let alone get rejected or needing to be filtered.
So I've firewalled my primary to only accept connections on port 25 from the secondary, and so far I'm seeing only about 10% of the connections that my primary would have rejected re-appearing on the secondary. That's a straw poll rather than a proper analysis.
I'm small-scale here, and I've done this out of interest rather than necessity, but it looks promising.
3 years on, I realise that I can now install, configure and maintain my Debian servers, largely thanks to this site and a little help from friends. Just recently I've taken on a dedicated host, and have happily set that up as an MTA, webhost, and a backup repository.
But there seems to be a whole load of stuff that I still don't know, sometimes I stumble with basic command line stuff, and feel like a real newbie, but then realise that if I can set up an internet server I can't be.
So is it a state of mind? Just when does one stop being a newbie?