Fake MX records

Glenn Steen glenn.steen at gmail.com
Tue Jul 24 14:05:41 IST 2007


On 24/07/07, Mogens Melander <mogens at fumlersoft.dk> wrote:
>
> On Tue, July 24, 2007 10:13, Glenn Steen wrote:
> > On 24/07/07, Mogens Melander <mogens at fumlersoft.dk> wrote:
> >>
> >> On Mon, July 23, 2007 20:12, Hugo van der Kooij wrote:
> >> > On Mon, 23 Jul 2007, Martin.Hepworth wrote:
> >> >
> >> >> http://wiki.apache.org/spamassassin/OtherTricks (Fake MX Record)
> >> >>
> >> >> on the SA-users list.
> >> >>
> >> >> Looks very useful, anyone here using this technique?
> >> >
> >> > I use it partially. MX 10 is me. MX 100 is for backups. MX 1000 is me
> >> > again as spammers favored the highest MX (lowest priority) to bypass
> >> > (RBL) filters. Now they seem to take them at random and ignore the
> >> > priorities.
> >> >
> >>
> >> I was thinking about a "thingy" that would query the sender's MX if
> >> sender was valid (accept mail to sender) but I don't like to
> >> waste too much bandwidth on an already crowded internet, so I'm
> >> still thinking. This "Fake MX" would of course break this idea,
> >> unless I'd make it retry until all MXs had been "tasted", adding
> >> more traffic to the pool. But this could be done at MTA level,
> >> and thus not be too expensive.
> >>
> >> As I'm not a Perl/C hacker, I'll limit my tests to PHP, but
> >> if/when implemented, I'd be happy to share my results.
> >>
> > Um.... Do you mean something like Sender Address Verification? As done
> > in milter-sender, smf-sav, Postfix "natively"
> > (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) .... <insert
> > favourite MTA function for this:-)>
>
> Well, I didn't think I invented "the wheel", but I would like to develop
> my own platform to play with.

Ok.

> > I don't think you need waste time writing another. Or would yours do
> > something extreme and different?
>
> Having had a sneak view into my /etc/mail/access you might guess
> that I had something extreme in mind, like counting hits from
> purely virtual senders, and adding them to either access file,
> or directly in iptables. My sendmail is MySQL aware, so I can
> store those "bad guys" directly in either.
>
There is the IPBlock thing and Vispan that do some of those things,
but not necessarily in that context. Could be worth your while to look
at though (IIRC the IPBlock thing is in the CustomFunctions).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
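
Added example, not part of the original thread and not code from any poster or from MailScanner: a sketch of the "count hits from unverifiable senders, then write access entries" idea discussed above. It assumes Postfix-style sender verification reject lines; the log lines, the threshold of 3 and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample log, in the style of Postfix smtpd reject lines.
# All IPs and domains are documentation values (RFC 5737 / RFC 2606).
SAMPLE_LOG = """\
Jul 24 10:01:02 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.7 <a1@example.net>: Sender address rejected: undeliverable address: unknown user; from=<a1@example.net> to=<bob@example.org>
Jul 24 10:01:09 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.7 <a2@example.net>: Sender address rejected: undeliverable address: unknown user; from=<a2@example.net> to=<bob@example.org>
Jul 24 10:01:15 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 450 4.1.7 <a3@example.net>: Sender address rejected: undeliverable address: unknown user; from=<a3@example.net> to=<eve@example.org>
Jul 24 10:02:40 mx1 postfix/smtpd[2107]: NOQUEUE: reject: RCPT from mail.example.com[198.51.100.7]: 450 4.1.7 <carol@example.com>: Sender address rejected: undeliverable address: connection timed out; from=<carol@example.com> to=<bob@example.org>
Jul 24 10:03:11 mx1 postfix/smtpd[2110]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <unknown[203.0.113.5]>: Client host rejected: Access denied; from=<x@example.net> to=<bob@example.org>
"""

# Match only rejects caused by a failed sender address probe, not RBL or
# client-access rejects, and capture the connecting client IP.
UNVERIFIED = re.compile(
    r"RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: \d{3} [\d.]+ "
    r"<(?P<sender>[^>]*)>: Sender address rejected: undeliverable address"
)


def count_unverified(log_text):
    """Count sender-verification rejects per connecting client IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = UNVERIFIED.search(line)
        if m:
            hits[m.group("ip")] += 1
    return hits


def access_entries(hits, threshold=3):
    """Return access-map lines for clients at or above the threshold."""
    return [f"{ip}\tREJECT" for ip, n in sorted(hits.items()) if n >= threshold]


if __name__ == "__main__":
    for entry in access_entries(count_unverified(SAMPLE_LOG)):
        print(entry)
```

The threshold keeps a single failed probe, such as the timeout against 198.51.100.7 in the sample, from blocking a legitimate relay whose own MX was briefly unreachable.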


More information about the MailScanner mailing list