Fake MX records

Mogens Melander mogens at fumlersoft.dk
Tue Jul 24 11:03:16 IST 2007 

On Tue, July 24, 2007 10:13, Glenn Steen wrote:
> On 24/07/07, Mogens Melander <mogens at fumlersoft.dk> wrote:
>>
>> On Mon, July 23, 2007 20:12, Hugo van der Kooij wrote:
>> > On Mon, 23 Jul 2007, Martin.Hepworth wrote:
>> >
>> >> http://wiki.apache.org/spamassassin/OtherTricks (Fake MX Record)
>> >>
>> >> on the SA-users list.
>> >>
>> >> Looks very useful, anyone here using this technique?
>> >
>> > I use it partially. MX 10 is me. MX 100 is for backups. MX 1000 is me
>> > again as spammers favored the highest MX (lowest priority) to bypass
>> > (RBL) filters. Now they seem to take them at random and ignore the
>> > priorities.
>> >
>>
>> I was thinking about a "thingy" that would query senders MX if
>> sender was valid (accept mail to sender) but i don't like to
>> waste too much bandwidth on a allready crowded internet, so i'm
>> still thinking. This "Fake MX" would of cause break this idea,
>> unless i'd make it retry until all MX's been "tasted", adding
>> more trafic to the pool. But this could be done at MTA level,
>> and thus, not be too expencive.
>>
>> As i'm not a perl/C hacker, i'll limit my tests to PHP, but
>> if/when implemented, i'd be happy to share my results.
>>
> Um.... Do you mean something like Sender Address Verification? As done
> in milter-sender, smf-sav, piostfix "natively"
> (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) .... <insert
> favourite MTA function for this:-)>

Well, i did'nt think i invented "the weel", but i would like to develop
my own platform to play with.

> I don't think you need waste time writing another. Or would yours do
> something extreme and different?

Having had a sneek view into my /etc/mail/access you might guess
that i had something extreme in mind, like counting hits from
purely virtual senders, and adding them to either access file,
or directly in iptables. My sendmail is MySQL aware, so i can
store those "bad guys" directly in either.


-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list