Fake MX records

Mogens Melander mogens at fumlersoft.dk
Tue Jul 24 23:48:11 IST 2007


On Tue, July 24, 2007 15:05, Glenn Steen wrote:
> On 24/07/07, Mogens Melander <mogens at fumlersoft.dk> wrote:
>>
>> On Tue, July 24, 2007 10:13, Glenn Steen wrote:
>> > On 24/07/07, Mogens Melander <mogens at fumlersoft.dk> wrote:
>> >>
>> >> On Mon, July 23, 2007 20:12, Hugo van der Kooij wrote:
>> >> > On Mon, 23 Jul 2007, Martin.Hepworth wrote:
>> >> >
>> >> >> http://wiki.apache.org/spamassassin/OtherTricks (Fake MX Record)
>> >> >>
>> >> >> on the SA-users list.
>> >> >>
>> >> >> Looks very useful, anyone here using this technique?
>> >> >
>> >> > I use it partially. MX 10 is me. MX 100 is for backups. MX 1000 is me
>> >> > again as spammers favored the highest MX (lowest priority) to bypass
>> >> > (RBL) filters. Now they seem to take them at random and ignore the
>> >> > priorities.
>> >> >
>> >>
>> >> I was thinking about a "thingy" that would query sender's MX if
>> >> sender was valid (accept mail to sender) but I don't like to
>> >> waste too much bandwidth on an already crowded internet, so I'm
>> >> still thinking. This "Fake MX" would of course break this idea,
>> >> unless I'd make it retry until all MX's have been "tasted", adding
>> >> more traffic to the pool. But this could be done at MTA level,
>> >> and thus, not be too expensive.
>> >>
>> >> As I'm not a perl/C hacker, I'll limit my tests to PHP, but
>> >> if/when implemented, I'd be happy to share my results.
>> >>
>> > Um.... Do you mean something like Sender Address Verification? As done
>> > in milter-sender, smf-sav, postfix "natively"
>> > (http://www.postfix.org/ADDRESS_VERIFICATION_README.html) .... <insert
>> > favourite MTA function for this:-)>
>>
>> Well, I didn't think I invented "the wheel", but I would like to develop
>> my own platform to play with.
>
> Ok.
>
>> > I don't think you need waste time writing another. Or would yours do
>> > something extreme and different?
>>
>> Having had a sneak view into my /etc/mail/access you might guess
>> that I had something extreme in mind, like counting hits from
>> purely virtual senders, and adding them to either access file,
>> or directly in iptables. My sendmail is MySQL aware, so I can
>> store those "bad guys" directly in either.
>>
> There is the IPBlock thing and Vispan that do some of those things,
> but not necessarily in that context. Could be worth your while to look
> at though (IIRC the IPBlock thing is in the CustomFunctions).

I do run Vispan on a production server, and it managed to blacklist
blacknight.ie a few times, but otherwise, it's a pretty cool app.

I'll check out the IPBlock thingy, and see if it fits my rather special taste.


-- 
Later

Mogens Melander
+45 40 85 71 38
+66 870 133 224
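
An added example, not code from this thread or from MailScanner, Vispan or IPBlock: a sketch of the idea discussed above of counting hits from senders that fail verification and turning repeat offenders into sendmail access-map entries. The log format, the threshold and the allow-list network are assumptions constructed for illustration; the allow-list guards against blocking a legitimate relay.

```python
import ipaddress
import re
from collections import Counter

# Constructed, simplified log records (not sendmail's real log format):
# connecting IP, envelope sender, and the result of a sender-address check.
SAMPLE_LOG = """\
ip=203.0.113.7 from=<x1@example.invalid> verify=fail
ip=203.0.113.7 from=<x2@example.invalid> verify=fail
ip=203.0.113.7 from=<x3@example.invalid> verify=fail
ip=198.51.100.20 from=<news@example.org> verify=ok
ip=198.51.100.20 from=<typo@example.org> verify=fail
ip=192.0.2.10 from=<a@example.invalid> verify=fail
ip=192.0.2.10 from=<b@example.invalid> verify=fail
ip=192.0.2.10 from=<c@example.invalid> verify=fail
ip=not-an-ip from=<z@example.invalid> verify=fail
"""

LINE_RE = re.compile(r"^ip=(\S+) from=<([^>]*)> verify=(ok|fail)$")

def count_failures(log_text):
    """Count failed sender verifications per connecting IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) != "fail":
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # never let malformed input reach the access map
        hits[ip] += 1
    return hits

def access_entries(log_text, threshold=3, allow=("192.0.2.0/24",)):
    """Return sendmail access-map lines for IPs at or above the threshold.

    `allow` lists networks that must never be blocked (assumed here to be
    a backup MX range), so a legitimate relay is not blacklisted.
    """
    nets = [ipaddress.ip_network(n) for n in allow]
    ranked = sorted(count_failures(log_text).items(),
                    key=lambda kv: (kv[0].version, int(kv[0])))
    return [f"Connect:{ip}\tREJECT" for ip, n in ranked
            if n >= threshold and not any(ip in net for net in nets)]

if __name__ == "__main__":
    print("\n".join(access_entries(SAMPLE_LOG)))
```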