Running Two Mail Servers (To Reduce Spam with Greylisting)?
Heeeeey. So I'm running Snow Leopard Server on my primary server that lives in a data center. I'm running the mail server that comes with OS X Server, and controlled by Server Admin.app.
I've been getting TONS of spam lately. I know that this version of Postfix (I think it's Postfix?) has the option to do greylisting. And when I do greylisting, it works at preventing most and nearly all of my spam. HOWEVER, just by virtue of the way greylisting works, it can cause significant slow-downs in legit email, particularly mail from large multi-server providers like Gmail.
So what I clearly need is to FINALLY put those SPF records to good use, and enable greylisting, but only for incoming email that fails SPF check, or that has no SPF records. Or to put it another way, greylist all mail, but allow a bypass for mail that successfully passes an SPF record check.
Well, I don't think my mail server can do this. Not without a lot of work that some random security update could easily undo (it's not impossible that there could be another update, even on this older OS). So then it got me thinking...
What if I set up a second mail server running right on the same machine? I could set up the old mail server to listen on port 26 instead of 25 (in addition to 587), and the new server could listen on 25. It could do the SPF/greylisting, and then all mail it accepts, it could just relay to the "real" mail server. The real mail server could be configured to whitelist its own host, so all mail from the greylist server should come in no problem.
Does this sound like a workable plan? Am I missing any logical problems in this process? I guess I would have to *** my realtime blacklists to the new server too, not the 'real' server, for them to work effectively. What do you think?
Xserve, Mac OS X (10.6.8)
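
The "greylist everything, but let SPF passes skip the delay" decision described in the question, as an added example that is not part of the original post. It is written against the attribute format of Postfix's policy delegation protocol (`check_policy_service`); the class name, the 300-second delay, the in-memory store and the `spf_check` callable (a stand-in for a real SPF library) are assumptions, and the sample request is constructed.

```python
import time

# Constructed sample of the name=value request Postfix sends to a policy service.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=198.51.100.7\n"
    "helo_name=mail.example.net\n"
    "sender=alice@example.net\n"
    "recipient=bob@example.org\n\n")

def parse_policy_request(text):
    """Parse policy-delegation attributes; a blank line ends the request."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

class SpfAwareGreylist:
    """Hypothetical policy: SPF pass bypasses greylisting, everything else waits."""

    def __init__(self, spf_check, delay=300, clock=time.time):
        self.spf_check = spf_check  # callable(ip, sender, helo) -> "pass", "fail", "none", ...
        self.delay = delay          # seconds an unknown triplet must wait (assumed value)
        self.clock = clock
        self.first_seen = {}        # (ip, sender, recipient) -> time of first attempt

    def decide(self, attrs):
        ip = attrs.get("client_address", "")
        sender = attrs.get("sender", "").lower()
        rcpt = attrs.get("recipient", "").lower()
        if self.spf_check(ip, sender, attrs.get("helo_name", "")) == "pass":
            return "DUNNO"  # no opinion: later restrictions (RBLs etc.) still apply
        now = self.clock()
        first = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - first >= self.delay:
            return "DUNNO"  # sender retried after the delay, as a real MTA would
        return "DEFER_IF_PERMIT Greylisted, please retry later"

def respond(action):
    """Format the reply Postfix expects: one action line plus a blank line."""
    return "action=%s\n\n" % action
```

Only an SPF result of "pass" skips the delay here, so senders with no SPF record or a failing one are still greylisted, which matches the bypass described in the post.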