At 01:42 19/03/2005, Martin Hepworth wrote:
I think the reason is that they think we might trust the secondary MX more
than anything else and therefore let it through without checks.
I don't know about that. I think it's more just a matter of the way the bulk
mailing software works. A normal
And what is the dummy record? If it's not valid (i.e. an unroutable IP
such as the 10, 192, 172 blocks), then it might get routed back to the
client's internal network. If it's a public IP it can be worse. Say
you route it to a dummy IP owned by you and there isn't anything on
there and one day
: Spammers Target Secondary MX hosts?
Clever trick. Do legitimate MTAs try to send to the second
highest MXer if the primary is down? If so a fake third MX
(even to a completely unused IP?) may have little downside.
I.e.
@ IN MX 5 realprimary.domain.com
@ IN MX 10 realbackup.domain.com
SNIP
I've used a different approach,
IN MX 10 primary.domain.com (4 machines)
IN MX 20 primary1.domain.com (2 of those 4)
IN MX 30 primary1.domain.com (the other 2 of those 4)
IN MX 20 backup.domain.com
IN MX 30 primary.domain.com
Seems to force most of the spam through the primary. Very
On Monday, March 21, 2005, 2:21:48 AM, Menno Bennekom wrote:
From: jdow
Wow, it's been a while since this floated through the list the last time.
The theory among the spammers is that the secondary and tertiary
MX machines are less well protected. They're backups, after all.
They're not used
Clever trick. Do legitimate MTAs try to send to the second
highest MXer if the primary is down? If so a fake third MX
(even to a completely unused IP?) may have little downside.
I.e.
@ IN MX 5 realprimary.domain.com
@ IN MX 10 realbackup.domain.com
@ IN MX 20
On Monday 21 March 2005 11:05, Menno van Bennekom typed:
Clever trick. Do legitimate MTAs try to send to the second
highest MXer if the primary is down? If so a fake third MX
(even to a completely unused IP?) may have little downside.
I.e.
@ IN MX 5 realprimary.domain.com
@
On 3/21/2005 12:05 PM +0100, Menno van Bennekom wrote:
AFAIK mailservers first try the highest prio, then the second highest
etcetera.
It's generally better to use the term distance when it comes to MX RRs.
I'm aware the RFCs speak of priority, but a higher priority MX has a lower
number,
and
-Original Message-
From: Niek [mailto:[EMAIL PROTECTED]
Sent: maandag 21 maart 2005 12:14
To: users@spamassassin.apache.org
Subject: Re: Spammers Target Secondary MX hosts?
It's generally better to use the term distance when it comes
to MX RRs. I'm aware the RFCs speak
@spamassassin.apache.org
Subject: Re: Spammers Target Secondary MX hosts?
...on Fri, Mar 18, 2005 at 10:24:25AM -0800, Kelson wrote:
The backscatter becomes a real problem in the legitimate relay
situation, because it's basically unavoidable. If the spam is sent
directly to you, you can accept
On Mon, 21 Mar 2005 12:05:18 +0100 (CET), Menno van Bennekom wrote
I once had a situation where both the primary and the secondary were
down, but still mail to us didn't bounce, old mails just started
streaming in when the servers came up.
Yes, the remote MTAs will queue them. The exact
.
Pierre
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, March 18, 2005 1:40 PM
To: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: RE: Spammers Target Secondary MX hosts?
Kelson wrote:
Larry Starr wrote:
On Friday 18 March 2005 08:17
I just had the reverse problem. Working for a large company using Exchange
for outbound business email we were always hitting one company's secondary
MX which was broken (sent back rejections).
Our servers just liked the second MX better than the primary MX for some
reason. When I manually
--On Friday, March 18, 2005 2:55 PM -0500 Pierre Thomson
[EMAIL PROTECTED] wrote:
I tried the trick with a tertiary entry matching the primary, but it
didn't reduce the spam at the secondary very much.
It would be useful to figure out why this is so. Did you use the same host
name for both
On Friday, March 18, 2005, 2:13:23 PM, jdow jdow wrote:
From: Yang Xiao [EMAIL PROTECTED]
Hi all,
I've been noticing lately that almost 90% of emails that come in through
our secondary MX host are spam, I just want to know if there's an
explanation for this, my guess is that the spammers
[EMAIL PROTECTED] wrote:
Kelson wrote:
Larry Starr wrote:
On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
there are many setups where
the ISP or someone else runs a backup MX for his
customer's domains as a service. With this configuration,
the secondary MX will usually not know about
On Saturday, March 19, 2005, 4:36:42 AM, alan premselaar wrote:
I think you're thinking of Greylisting.
It'll reject mail from a certain triple (sender/receiver/ip) the first
time it comes in, record it in some form (database/filesystem/etc) and
apply certain time delays so if the mail from
I think the reason is that they think we might trust the secondary MX
more than anything else and therefore let it through without checks.
--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300
Yang Xiao wrote:
Hi all,
I've been noticing it lately that almost 90%
On Fri, 18 Mar 2005 13:48:46 +, Duncan Hill [EMAIL PROTECTED] wrote:
On Friday 18 March 2005 13:09, Yang Xiao typed:
Hi all,
I've been noticing lately that almost 90% of emails that come in through
our secondary MX host are spam, I just want to know if there's an
explanation for this,
Yang Xiao wrote on Fri, 18 Mar 2005 08:09:24 -0500:
I've been noticing lately that almost 90% of emails that come in through
our secondary MX host are spam, I just want to know if there's an
explanation for this, my guess is that the spammers spam the secondary
MX host intentionally for
A secondary MX host will get mostly spam. Mailers that follow the
rules will use the MX records as they were intended. Spammers scan all
hosts for port 25 and send email through them any way they can. You
can put a machine on the Internet without any MX records and spam will
start flowing through
...on Fri, Mar 18, 2005 at 08:52:23AM -0500, Yang Xiao wrote:
On Fri, 18 Mar 2005 13:48:46 +, Duncan Hill [EMAIL PROTECTED] wrote:
In a large number of cases, the secondary MX is not configured to know the
list of valid users etc, and may be configured to pass directly to the
On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
...on Fri, Mar 18, 2005 at 08:52:23AM -0500, Yang Xiao wrote:
On Fri, 18 Mar 2005 13:48:46 +, Duncan Hill [EMAIL PROTECTED]
wrote:
In a large number of cases, the secondary MX is not configured to know
the list of valid
--On Friday, March 18, 2005 3:17 PM +0100 Alexander Bochmann
[EMAIL PROTECTED] wrote:
It surely doesn't make sense if the secondary MX is
under your control, but there are many setups where
the ISP or someone else runs a backup MX for his
customer's domains as a service. With this
Larry Starr wrote:
On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
there are many setups where
the ISP or someone else runs a backup MX for his
customer's domains as a service. With this configuration,
the secondary MX will usually not know about valid users
in the destination domain.
On Fri, Mar 18, 2005 at 10:24:25AM -0800, Kelson wrote:
...
5. We generate DSNs that go to third parties or nonexistent hosts,
contributing to backscatter and cluttering up our outbound queue.
...
Even worse, the result of bounces sent by _our_ MTA was
being Spamcop-RBLed for hitting
Kelson wrote:
Larry Starr wrote:
On Friday 18 March 2005 08:17, Alexander Bochmann wrote:
there are many setups where
the ISP or someone else runs a backup MX for his
customer's domains as a service. With this configuration,
the secondary MX will usually not know about valid users
in the
...on Fri, Mar 18, 2005 at 10:24:25AM -0800, Kelson wrote:
The backscatter becomes a real problem in the legitimate relay
situation, because it's basically unavoidable. If the spam is sent
directly to you, you can accept it, discard it, or reject it, and it
stops. But if you're
--On Friday, March 18, 2005 10:24 AM -0800 Kelson [EMAIL PROTECTED] wrote:
But if you're relaying to someone, and *they* reject it, now you have to
decide whether to generate a DSN or not.
Using MIMEDefang I don't reject for mail relayed from my secondary:
...
| One possibility is to list your primary again as the tertiary, possibly
| under a different name and/or IP address. Spammers that deliver in reverse
| MX order will still end up trying to deliver to your primary first.
I tried this and it resulted in mail loops when one of the servers was