Christopher Bort wrote:
This is really not a SpamAssassin issue, but since this list is
populated by people who are interested in spammer behavior, I'm
throwing it out for comment. If it's too far off topic, my apologies
and I'll let it go at that.
At $DAYJOB I run a mail server and a name server for several domains,
both our own and for clients. At home, I run a mail server and a name
server for a couple of personal domains. The home name server is a
slave for most of the domains hosted at $DAYJOB. The home mail server
is _not_ configured to handle mail for any of the $DAYJOB domains and
it is _not_ an MX for any of those domains. The only connection is
that it is an NS for the $DAYJOB domains. These domains _do_ have
$DAYJOB mail server as their MX.
For a while now, I've been seeing attempts to send mail to the home
server for addresses in $DAYJOB domains. This is not a problem since
the volume is low and they are being properly rejected as third-party
relay attempts (authentication required - relay not permitted).
However, the fact that someone is apparently trying to send mail to an
NS instead of an existing MX has piqued my curiosity. It looks like
it's all spam (the sender addresses tend to support that). So, has
anyone else seen this sort of behavior and what could be the rationale
for trying to deliver mail to an NS like this?
I have seen that spammers usually target most available "A" records of
a domain
So if a domain is example.com All machines , mail.example.com ,
example.com , ns.example.com etc are all targeted.
Remove the A record ns.example.com ( if possible ) and you will see
spams disappear
Unfortunately this works :-( in evading spam filters in far too many
cases. A lot of domains host their websites/mailboxes/DNS on shared
servers who do not offer any protection at SMTP levels .Even if the
customer subscribes to a third party Antispam solution and points his MX
to a spam filter the spammer easily sends his mail to the unportected
mailhost server and gets straight to the inbox. We ourselves had
extremely tough times explaining to clients
Probably Spamassassin Comunity needs to develop a email client plugin
that can detect such mails
Thanks
Ram
===================================================================
sms START NEWS <your city> to 09845398453 for Breaking News and Top
Stories on Business, Sports & Politics. For more services visit
http://www.mytodaysms.com
===================================================================
