The first beta release of SpamBlocker3, dated 23 December 2006, has a potential bug.

Note these lines:
# SKIP MX ACL used at connect time:
# IF YOU USE OTHER THAN MAIN IP# FOR MX INSERT MAIN IP# TO
# TO REPLACE PLACEHOLDER, AND UNCOMMENT THIS SECTION
# check_connect:
# defer log_message = Spammer Connected to fake MX record
# condition = ${if match{$interface_address}{(XX.XX.XX.XX)}{true}{false}}

The above lines are undocumented a commented out.

The purpose of the above ACL is to thwart spammers who send to high-cost (low-priority) MX servers hoping to find it easier to get through on backup email servers.

The implementation is easy; you simply use a fake MX record, say cost 100 (instead of 10), to an IP# that you won't ever use to accept email. Since only spammers will use this MX record as long as other records are available, you can scrape the IP#s that try this connection (as long as your lower cost MX server is available) to put into blocklists.

We don't recommend using it, and by itself all it does is put a warning into the logs.

But if you uncomment it and don't put a line with only the one word accept immediately after it, by default you'll block everything.

Jeff

I recommend to not use beta version in production.

You can recommend anything you want.

The more beta testers there are, the better the chances that the next version of exim.conf will work well and won't cause problems.

Jeff

can be tested BUT NOT on PRODUCTION servers
so now is that better ?

We used it on production servers for a week before we released it as beta.

Your mileage may of course vary.

Jeff