<P>Hey, Rolf, thanks a lot for answering.</P> <P>I did not realise that the MX record order could be ignored.</P> <P>We had locked down Mercury so that SMTP connections were only accepted from MessageLabs' IP addresses. However, because our staff use IMAP and they have dynamic addresses assigned by their ISP's for their home machines I opened it up again so they could authenticate and send mail. I'm going to lock it down again and update their IP addresses in Mercury as required.</P> <P>This is the first email that has been delivered directly to our IP address. I guess we've been lucky that no more arrived.</P> <P>Thanks again for the help.</P>

<SPAN style="WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; BORDER-COLLAPSE: separate; FONT: medium Arial; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; -webkit-text-size-adjust: auto; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-stroke-width: 0px" class=Apple-style-span> <DIV style="PADDING-BOTTOM: 8px; BACKGROUND-COLOR: rgb(255,255,255); PADDING-LEFT: 8px; PADDING-RIGHT: 8px; FONT-FAMILY: Arial, Helvetica, sans-serif; FONT-SIZE: 10pt; PADDING-TOP: 8px"> <P>Hi, folks</P> <P>I have an issue that I don't understand and hope someone here can help me.</P> <P>Our setup is as follows - we use Pegasus Mail and Mercury/32. All mail is filtered by MessageLabs.</P> <P>MX records are set as follows:</P> <P>MX10 MessageLabs</P> <P>MX20 MessageLabs</P> <P>MX30 mail.ourdomain.co.uk</P> <P> </P> <P>Yesterday, a message was delivered directly to our mail server. As I understand it, this should only happen if MX10 and MX20 fail. We received many messages at the same time that were routed through MessageLabs. All mail received via MessageLabs has a banner appended to it, the offending message did not contain the banner or the usual MessageLab server information in the headers:</P> <P>X-SPAMWALL: Passed through antiSPAM test by SpamHalter 4.4.0 on apsarchaeology.co.uk (1425)</P> <P>X-SPAMWALL: probability - 0.0%</P> <P>Return-path: <update@facebookmail.com></P> <P>Received: from facebookmail.com (213.122.160.98) by apsarchaeology.co.uk (Mercury/32 v4.62) with ESMTP ID MG000657;</P> <P>   5 Aug 2010 13:46:36 +0100</P> <P>From: update@facebookmail.com</P> <P>To: greenman@apsarchaeology.co.uk</P> <P>Subject: You have got a new message on Facebook!</P> <P>Date: Thu, 5 Aug 2010 13:47:36 +0100</P> <P>MIME-Version: 1.0</P> <P>Content-Type: multipart/mixed;</P> <P><SPAN style="WHITE-SPACE: pre" class=Apple-tab-span></SPAN>boundary="----=_NextPart_000_0004_739DBACD.54AA3719"</P> <P>X-Priority: 3</P> <P>X-MSMail-Priority: Normal</P> <DIV> </DIV> <P mce_keep="true"> </P> <P>Does anyone know how this can happen?</P> <P>I thought that mail addressed to our domain would be subject to the MX records.</P> <P>Thanks</P></DIV></SPAN>

<p>The MX priority is supposed to be respected by the sender but it's entirely up to them to do it or not. Some spam bots always connect to the lowest priority MX server, as they hope a backup server will have less effective antispam measures.</p><p>/Rolf </p>