Fake MX records

Richard Frovarp Richard.Frovarp at sendit.nodak.edu
Mon Jul 23 15:03:35 IST 2007


Martin.Hepworth wrote:
> Just seen this..
>
> http://wiki.apache.org/spamassassin/OtherTricks (Fake MX Record)
>
> on the SA-users list.
>
> Looks very useful, anyone here using this technique?
>   

We run a firewalled lowest MX. This machine only receives mail from the 
state gov't, k12, and higher ed networks in the state. I have seen at 
least one problem with this setup and have had to add an additional IP 
to let a poorly designed external system talk to this machine. This 
system only tries the lowest IP, then fails after 2 hours. Systems like 
this might have an issue with a fake lowest as well. I don't know how 
useful it is in stopping spam. We haven't seen a drop in number reaching 
our 3 standard machines. However, it does allow mail from our users to 
pass through very quickly, as spam attacks don't affect this machine. 
We're issuing a tcp-reset so the impact on systems communicating with us 
is minimal, as they don't have to wait for a timeout.

Richard



More information about the MailScanner mailing list