Date:      Thu, 12 Jan 2017 17:32:20 -0600 (CST)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        byrnejb@harte-lyne.ca
Cc:        freebsd-questions@freebsd.org
Subject:   Re: spamassassin not lethal anymore
Message-ID:  <34435.128.135.52.6.1484263940.squirrel@cosmo.uchicago.edu>
In-Reply-To: <23452361f18e06fccb64293d30f1b6eb.squirrel@webmail.harte-lyne.ca>
References:  <mailman.128.1484222402.46410.freebsd-questions@freebsd.org> <23452361f18e06fccb64293d30f1b6eb.squirrel@webmail.harte-lyne.ca>


On Thu, January 12, 2017 12:14 pm, James B. Byrne via freebsd-questions
wrote:
>
> On Wed, January 11, 2017 20:34, Russell L. Carter wrote:
>> On 01/11/17 17:24, Kurt Buff wrote:
>>> Snippety snip...
>
>>>
>>> A secondary MX that refuses mail when the primary is up and running
>>> foils one of the favorite tactics of spammers - they will often
>>> target
>>> the secondary MX because those are often not as up to date with
>>> anti-spam measures. Most spambots try one MX, one time only.
>>>
>>> Many spambots will try that secondary MX, get refused with a 4xx
>>> error, and not bother to try the primary MX at all.
>>>
>>> It can be a big win, in the right situation.
>>
>> Ah.  Awesome.  How do I do that?
>>
>
>
> If you have control over your forward zone DNS then you can simply
> create a bogus MX record with a lower priority (higher number) than
> any of your real MX records.
>
> example.com.  	172800	IN	MX	30 mx30host.example.com.
> example.com.  	172800	IN	MX	50 mx50host.example.com.
> example.com.  	172800	IN	MX	70 mx70host.example.com.
> example.com.  	172800	IN	MX	90 mx90host.example.com.
>
>
> ;# mx90host.example.com. is not real - no listener at this address.
> mx90host.example.com.   IN      A       192.168.0.90
>
> There is nothing listening at 192.168.0.90 on port 25 so the spammer
> generally just goes away.

I have one question and one comment on your suggestion.

Question: why would spammers go to your lower-priority MX instead of first
going to your primary MX? Is that because on the primary, and only on the primary,
you have greylisting? Why not have greylisting on all MXs serving your
domain then? I'm in the dark about the logic behind doing it.

Comment: The majority of spammers were simple scripts that just spat everything at
your MX, but some time ago (over 5 years ago) many started using real mail
servers, likely someone's poorly set up mail servers, to pipe whatever
their script spits out, and that real MX never "just goes away": it will
continue attempting to deliver all of that to each of the MX records of your domain
for a week. At least that is my observation lately (about them piping
through real mail servers).

Valeri

>
> If you wish to get fancy then you can honey-pot the source address
> instead.  The assigned address could be your own or be one of the
> public junk mail submission addresses a la project honeypot.  Just
> make sure to clear this redirection with the intended recipient before
> doing so.
>
>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
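The decoy-MX idea quoted above (a lowest-priority MX record pointing at an address with no SMTP listener) depends on two facts: a conformant MTA walks the MX list in preference order and only reaches the decoy after every real MX has failed, while the spambot behaviour Kurt Buff describes is to try one MX (often the lowest-priority one) once and give up. The script below is an added illustration, not code from anyone in this thread: it parses a zone fragment modelled on James Byrne's example, computes the RFC 5321 delivery order, checks that the decoy is strictly last (an equal preference number would make real senders pick it at random), and simulates both sender behaviours against a constructed set of "listening" hosts. Nothing is probed on the network; the function names and the `listening` set are my own.

```python
"""Decoy (lowest-priority) MX sanity check and sender simulation.

Added example for the freebsd-questions thread on a bogus last MX record.
The zone text and the set of listening hosts are constructed, not live data.
"""
import random
import re

# Constructed zone fragment, modelled on the records quoted in the thread.
ZONE = """
example.com.  172800 IN MX 30 mx30host.example.com.
example.com.  172800 IN MX 50 mx50host.example.com.
example.com.  172800 IN MX 70 mx70host.example.com.
example.com.  172800 IN MX 90 mx90host.example.com.
; mx90host.example.com. is the decoy: no listener at this address.
mx90host.example.com.  IN A 192.168.0.90
"""

# owner [ttl] IN MX preference exchange
MX_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+MX\s+(\d+)\s+(\S+)$")


def parse_mx(zone_text):
    """Return [(preference, exchange_host)] for every MX line in the fragment."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";")[0].strip()  # drop zone-file comments
        m = MX_RE.match(line)
        if m:
            records.append((int(m.group(2)), m.group(3)))
    return records


def delivery_order(records):
    """RFC 5321 order: lower preference first; equal preferences in random order."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        random.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def check_decoy(records, decoy_host):
    """Return a list of problems with the decoy's placement (empty means OK)."""
    prefs = {host: pref for pref, host in records}
    if decoy_host not in prefs:
        return ["decoy host has no MX record"]
    decoy_pref = prefs[decoy_host]
    problems = []
    # Any real MX with an equal or larger number is tried alongside or after
    # the decoy by conformant senders, which would delay legitimate mail.
    for host, pref in prefs.items():
        if host != decoy_host and pref >= decoy_pref:
            problems.append(f"{host} (pref {pref}) is not ahead of decoy (pref {decoy_pref})")
    if len(prefs) < 2:
        problems.append("decoy is the only MX; legitimate mail has nowhere to go")
    return problems


def simulate(records, listening, sender):
    """Host that ends up accepting the message, or None if the sender gives up.

    listening: constructed set of hosts that actually run an SMTP listener.
    sender: "mta" walks the delivery order until a host answers (and would
            retry later if none did); "bot" tries only the lowest-priority
            MX once, as described in the thread, and never retries.
    """
    order = delivery_order(records)
    if sender == "mta":
        for host in order:
            if host in listening:
                return host
        return None
    if sender == "bot":
        return order[-1] if order[-1] in listening else None
    raise ValueError(f"unknown sender model: {sender}")


if __name__ == "__main__":
    recs = parse_mx(ZONE)
    real = {"mx30host.example.com.", "mx50host.example.com.", "mx70host.example.com."}
    print("delivery order:", delivery_order(recs))
    print("decoy problems:", check_decoy(recs, "mx90host.example.com.") or "none")
    print("conformant MTA delivers to:", simulate(recs, real, "mta"))
    print("one-shot bot delivers to:", simulate(recs, real, "bot"))
```

The `check_decoy` tie test is the part worth keeping around: the scheme only costs spammers and not legitimate senders while the decoy's preference number is strictly larger than every real MX's. Valeri's point that a real MTA relaying spam will keep retrying every MX for days is also visible in the model: such a sender behaves like `"mta"`, reaches a real host on its first pass, and the decoy does nothing to it.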


