[Gllug] How to handle spam bounces from secondary MX server

Peter Corlett abuse at cabal.org.uk
Tue Dec 9 11:24:07 UTC 2008


On Mon, Dec 08, 2008 at 09:02:22PM +0000, Robert McKay wrote:
> On Mon, Dec 8, 2008 at 12:32 PM, Peter Corlett <abuse at cabal.org.uk> wrote:
[...]
>> This one's easy: get rid of the secondary MXer. Really. What benefit is
>> the secondary giving you anyway?

> One trick that may help a bit (not really a solution though) is to set a 3rd
> MX with a really high priority ( 999 say ) that just points back to your
> primary MX. If the spammers are just going to the highest number MX then
> they'll hit your primary again and get rejected there instead of going to
> the secondary.

Back in 2000, the spammers would try *lowest* priority MX first, or
sometimes *only* the lowest MX, in an attempt to find a secondary with less
spam filtering than the primary. So the wheeze would be to have a
lowest-priority MX pointing into bogon space, and the second-lowest being
your primary. This worked reasonably well for about a year until the
spammers got wise to it.

> Of course it's also possible that the spammers are just picking an MX at
> random or any random non-primary MX but I believe this trick did use to
> work to some extent.

One current spammer technique is to batch-query MX records and publish the
results to the botnet. Their cache of MX records is held for a long time, so
periodically changing your mailserver IPs can help.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
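
Added example, not part of the original thread: a small Python model of which host takes first contact under the MX layouts discussed above, for a standards-following sender (lowest preference number first, per RFC 5321) and for the two sender behaviours the posts describe. The hostnames, preference numbers, strategy names and the exact record layout for the decoy trick are assumptions made for illustration.

```python
"""Which host takes first contact under each MX layout from the thread."""

# Constructed records: (preference number, target). Hostnames are placeholders.
PRIMARY, SECONDARY, DECOY = "mx1.example.org", "mx2.example.org", "decoy.example.org"
UNREACHABLE = {DECOY}  # stands in for a target in unrouted ("bogon") space

LAYOUTS = {
    # Ordinary primary plus secondary.
    "plain": [(10, PRIMARY), (20, SECONDARY)],
    # Extra highest-numbered record pointing back at the primary.
    "loop_to_primary": [(10, PRIMARY), (20, SECONDARY), (999, PRIMARY)],
    # Assumed reading of the decoy trick: dead last record, primary just above it.
    "decoy_last": [(10, PRIMARY), (20, SECONDARY), (998, PRIMARY), (999, DECOY)],
}

STRATEGIES = ("standard", "highest_number_first", "highest_number_only")


def attempt_order(records, strategy):
    """Return targets in the order a sender using `strategy` tries them."""
    ascending = [target for _, target in sorted(records)]
    if strategy == "standard":  # lowest preference number first
        return ascending
    if strategy == "highest_number_first":  # walks the list backwards
        return ascending[::-1]
    if strategy == "highest_number_only":  # never falls back
        return ascending[-1:]
    raise ValueError(f"unknown strategy: {strategy}")


def first_contact(records, strategy, unreachable=UNREACHABLE):
    """Return the first reachable target, or None if nothing is delivered."""
    for target in attempt_order(records, strategy):
        if target not in unreachable:
            return target
    return None


def report():
    """Map (layout, strategy) to the host that ends up handling the mail."""
    return {(name, s): first_contact(recs, s)
            for name, recs in LAYOUTS.items() for s in STRATEGIES}


if __name__ == "__main__":
    for (layout, strategy), host in report().items():
        print(f"{layout:16} {strategy:21} -> {host or 'no delivery'}")
```

In every layout the standards-following sender still reaches the primary first, so the extra records only change where the non-standard senders land.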



