Sorry; apparently I was unclear.

MX records I'm saying as follows:
        100 - Real
        200 - Real perhaps, as many "real" as you want
        300 - Bogus - one that blocks port 25 with tcp reset for example
        400 - accept port, logs ip -> blacklist (not to be scored aggressively at all) with a 421/retry.

If a whole bunch of places are seeing the same smtp server hitting this
400 level MX then I'm saying that seems like a useful thing to be
included in a blacklist using a low score in sa.

The point was to offer the 400 level mx as a free service to log the ips
quickly for those that don't want to set up the server themselves.

In theory the 400 level MX wouldn't be used by "real" smtp very often,
hence it's likely a spammer and therefore the IP could be auto
blacklisted.  Realize I'm NOT proposing we block on this, just score
based on this list.

Steve Radich - http://www.aspdeveloper.net /
http://www.virtualserverfaq.com 
BitShop, Inc. - Development, Training, Hosting, Troubleshooting -
http://www.bitshop.com

-----Original Message-----
From: mouss [mailto:[EMAIL PROTECTED] 
Sent: Thursday, February 21, 2008 8:25 PM
Cc: users@spamassassin.apache.org
Subject: Re: Bogus MX -> blacklist service viable?

McDonald, Dan wrote:
> On Thu, 2008-02-21 at 21:58 +0100, Raymond Dijkxhoorn wrote:
>   
>> Hi!
>>
>>     
>>> provide this hosted (i.e. I'm thinking of offering), but instead of ONLY
>>> log it somehow feed / create a blacklist based on this?
>>>
>>> I'm not as familiar with blacklists as many of you, but the network /
>>> smtp / logging side of this is easy for me to implement.
>>>
>>> I'm thinking make this a very public (free) service to gather data for
>>> the blacklist, anyone could list the mx.
>>>       
>> What's wrong with :
>>
>> http://www.rfc-ignorant.org/tools/submit_form.php?table=bogusmx
>>
>>     
>
> wrong direction.  That lists domains that don't have their MX records
> set up properly, not ip addresses that attempt to send mail to sites
> that are not MX records.
>   

and the difference is?

if you force our servers to retry each time we connect to your server, 
then we will find other people to talk to (in short, we'll BL you) 
unless you ask the IETF to modify SMTP by adding a "knocking"
requirement.
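
The aggregation proposed at the top of this message (list an IP only when many separate sites see it hit their 400-level MX), as an added example that is not part of the thread or any poster's code. The log format, the `MIN_SITES` threshold and the zone name are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines from hypothetical trap-MX hosts (format is assumed).
SAMPLE_LOG = """\
2008-02-21T20:01:02Z site=alpha.example client=192.0.2.10 reply=421
2008-02-21T20:03:40Z site=beta.example client=192.0.2.10 reply=421
2008-02-21T20:05:11Z site=gamma.example client=192.0.2.10 reply=421
2008-02-21T20:06:00Z site=alpha.example client=198.51.100.7 reply=421
2008-02-21T20:06:30Z site=alpha.example client=198.51.100.7 reply=421
2008-02-21T20:07:15Z site=beta.example client=203.0.113.5 reply=421
2008-02-21T20:08:00Z site=gamma.example client=203.0.113.5 reply=421
2008-02-21T20:09:00Z site=beta.example client=not-an-ip reply=421
"""

LINE_RE = re.compile(r"site=(\S+)\s+client=(\S+)\s+reply=421")
MIN_SITES = 3                      # assumed meaning of "a whole bunch of places"
ZONE = "trapmx.example.invalid"    # placeholder DNSBL zone, not a real service


def sites_per_ip(log_text):
    """Map each client IPv4 address to the distinct sites whose trap MX it hit."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        site, client = m.groups()
        try:
            ip = ipaddress.IPv4Address(client)
        except ValueError:
            continue  # skip malformed client fields instead of listing garbage
        seen[str(ip)].add(site)
    return seen


def listable(log_text, min_sites=MIN_SITES):
    """IPs reported by >= min_sites distinct sites; retries at one site count once."""
    per_ip = sites_per_ip(log_text)
    return sorted(ip for ip, sites in per_ip.items() if len(sites) >= min_sites)


def dnsbl_name(ip, zone=ZONE):
    """Reversed-octet name that a DNSBL client would query for this address."""
    return ".".join(reversed(ip.split("."))) + "." + zone


if __name__ == "__main__":
    for ip in listable(SAMPLE_LOG):
        print(ip, "->", dnsbl_name(ip))
```

Counting distinct sites rather than raw hits keeps one sender retrying after a 421 at a single site from being listed on its own.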


