On Dec 26 21:31:26, h...@stare.cz wrote:
> This is spamd and greyscanner on current/macppc.
> Generally, it works very well for me.
>
> Recently, I see greyscanner trapping hosts that try to
> "mail from sender with no MX or A", such as
>
> Dec 26 17:21:13 www greyscanner[31861]: Trapped 87.219.109.249:
> Mailed from sender bernina.co.il with no MX or A
>
> That's a spammer alright, a typical mail from there looks like
> (GREY) 87.219.109.249: <surchargeg...@bernina.co.il> -> <xyfstare...@stare.cz>
> However, there _is_ a MX and A record for bernina.co.il:
>
> $ host -t a bernina.co.il
> bernina.co.il has address 62.90.102.9
> $ host -t mx bernina.co.il
> bernina.co.il mail is handled by 20 mx5.adcd.co.il.
> bernina.co.il mail is handled by 10 mx4.adcd.co.il.
>
> So there is something wrong. Same way, gmail.com got trapped:
I looked over my log with
grep 'no MX' /var/log/maillog | awk '{print$11}' | sort -u > /tmp/bad
cat /tmp/bad | xargs -n1 host
Most of them are actually spammers, but almost every of them
_does_ have valid MX and A records.
admail.com.ar
atayatirim.com.tr
axsone.com
bernina.co.il
blomnet.com
bmacapital.com
buhrmann.com
buxrud.se
cascade.oostrozebeke.com
cbthomebank.com
chinesegamer.net
ctrip.com
deltamar.net
dilos.com
ef-law.com
etisbew.com
eurobiobiz.com
fiemg.com.br
financial-tracking.com
glgmc.org
globalnavipro.com
gmail.com
greaterlouisville.com
harrisoncapmgmt.com
hemc.net
iicbelgium.com
legionofrassilon.net
lsinter.net
multiform.at
naahq.org
pacunion.com
porterorlin.com
ras-mgu.com
regallager.com
retalix.com
ritzier.com
rmgindia.com
robinsongrimes.com
roulle.com
rouvet.com
royalautos.com
royalprime.com
siaminet.com
smilde-bv.nl
taupower.se
twaron.com
uky.edu
uncw.edu
uob-oskam.com.my
wonderware.com
yahoo.com
yahoo.nl
yhbia.com
