On Dec 26 21:31:26, h...@stare.cz wrote:
> This is spamd and greyscanner on current/macppc.
> Generally, it works very well for me.
>
> Recently, I see greyscanner trapping hosts that try to
> "mail from sender with no MX or A", such as
>
> Dec 26 17:21:13 www greyscanner[31861]: Trapped 87.219.109.249:
> Mailed from sender bernina.co.il with no MX or A
>
> That's a spammer alright, a typical mail from there looks like
> (GREY) 87.219.109.249: <surchargeg...@bernina.co.il> -> <xyfstare...@stare.cz>
> However, there _is_ a MX and A record for bernina.co.il:
>
> $ host -t a bernina.co.il
> bernina.co.il has address 62.90.102.9
> $ host -t mx bernina.co.il
> bernina.co.il mail is handled by 20 mx5.adcd.co.il.
> bernina.co.il mail is handled by 10 mx4.adcd.co.il.
>
> So there is something wrong. Same way, gmail.com got trapped:

I looked over my log with

  grep 'no MX' /var/log/maillog | awk '{print$11}' | sort -u > /tmp/bad
  cat /tmp/bad | xargs -n1 host

Most of them are actually spammers, but almost every one of them _does_
have valid MX and A records.

admail.com.ar
atayatirim.com.tr
axsone.com
bernina.co.il
blomnet.com
bmacapital.com
buhrmann.com
buxrud.se
cascade.oostrozebeke.com
cbthomebank.com
chinesegamer.net
ctrip.com
deltamar.net
dilos.com
ef-law.com
etisbew.com
eurobiobiz.com
fiemg.com.br
financial-tracking.com
glgmc.org
globalnavipro.com
gmail.com
greaterlouisville.com
harrisoncapmgmt.com
hemc.net
iicbelgium.com
legionofrassilon.net
lsinter.net
multiform.at
naahq.org
pacunion.com
porterorlin.com
ras-mgu.com
regallager.com
retalix.com
ritzier.com
rmgindia.com
robinsongrimes.com
roulle.com
rouvet.com
royalautos.com
royalprime.com
siaminet.com
smilde-bv.nl
taupower.se
twaron.com
uky.edu
uncw.edu
uob-oskam.com.my
wonderware.com
yahoo.com
yahoo.nl
yhbia.com
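
One way to triage these traps, as an added example that is not part of the original post and is not greyscanner's code: it pulls the trapped sender domains out of maillog lines and re-checks each one, separating domains that do have records from definitive negatives and from lookups that simply failed. The `fake_host` stub, the `.example` domains and the three verdict names are assumptions made for illustration; the `host` output strings other than the two shown in the post are assumed to match what `host` prints.

```shell
#!/bin/sh
# Added example: re-check senders that greyscanner logged as "no MX or A".
# LOOKUP is the lookup command; default is the offline stub below.
# For real use: LOOKUP=host, and feed /var/log/maillog instead of sample_log.
LOOKUP=${LOOKUP:-fake_host}

# Sample maillog: first line is quoted in the post, the rest are constructed.
sample_log() {
cat <<'EOF'
Dec 26 17:21:13 www greyscanner[31861]: Trapped 87.219.109.249: Mailed from sender bernina.co.il with no MX or A
Dec 26 18:02:55 www greyscanner[31861]: Trapped 192.0.2.77: Mailed from sender nodns.example with no MX or A
Dec 26 18:05:31 www greyscanner[31861]: Trapped 192.0.2.78: Mailed from sender slowdns.example with no MX or A
Dec 26 18:05:40 www spamd[123]: (GREY) 192.0.2.78: <a@slowdns.example> -> <b@stare.cz>
EOF
}

# Match the message text rather than a field position, so a different
# syslog prefix cannot shift the column the domain is read from.
trapped_domains() {
    sed -n 's/.*greyscanner\[[0-9]*\]: Trapped [^ ]*: Mailed from sender \([^ ]*\) with no MX or A.*/\1/p' | sort -u
}

# Offline stand-in for host(1), called as: fake_host -t TYPE DOMAIN.
# bernina.co.il repeats the answers shown in the post; the rest is constructed.
fake_host() {
    case "$2:$3" in
        mx:bernina.co.il) echo "bernina.co.il mail is handled by 10 mx4.adcd.co.il." ;;
        a:bernina.co.il)  echo "bernina.co.il has address 62.90.102.9" ;;
        *:slowdns.example) echo ";; connection timed out; no servers could be reached"; return 1 ;;
        *) echo "Host $3 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

# Read domains on stdin, print "<domain> <verdict>" for each.
recheck() {
    while read -r d; do
        out=$( { "$LOOKUP" -t mx "$d" || true; "$LOOKUP" -t a "$d" || true; } 2>&1 </dev/null )
        case $out in
            *"mail is handled by"*|*"has address"*) v=has-records ;;   # trap was wrong
            *"timed out"*|*SERVFAIL*)               v=inconclusive ;;  # lookup failed, no answer
            *NXDOMAIN*|*"has no "*)                 v=no-records ;;    # definitive negative
            *)                                      v=inconclusive ;;
        esac
        echo "$d $v"
    done
}

sample_log | trapped_domains | recheck
```

Domains reported as `has-records` are the ones to compare against the trap list; `inconclusive` ones say nothing about the sender until the lookup is repeated.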