spamassassin not lethal anymore
galtsev at kicp.uchicago.edu
Fri Jan 13 00:03:21 UTC 2017
On Thu, January 12, 2017 12:14 pm, James B. Byrne via freebsd-questions
> On Wed, January 11, 2017 20:34, Russell L. Carter wrote:
>> On 01/11/17 17:24, Kurt Buff wrote:
>>> Snippety snip...
>>> A secondary MX that refuses mail when the primary is up and running
>>> foils one of the favorite tactics of spammers - they will often
>>> the secondary MX because those are often not as up to date with
>>> anti-spam measures. Most spambots try one MX, one time only.
>>> Many spambots will try that secondary MX, get refused with a 4xx
>>> error, and not bother to try the primary MX at all.
>>> It can be a big win, in the right situation.
>> Ah. Awesome. How do I do that?
> If you have control over your forward zone DNS then you can simply
> create a bogus MX record with a lower priority (higher number) than
> any of your real MX records.
> example.com. 172800 IN MX 30 mx30host.example.com.
> example.com. 172800 IN MX 50 mx50host.example.com.
> example.com. 172800 IN MX 70 mx70host.example.com.
> example.com. 172800 IN MX 90 mx90host.example.com.
> ;# mx90host.example.com. is not real - no listener at this address.
> mx90host.example.com. IN A 192.168.0.90
> There is nothing listening at 192.168.0.90 on port 25 so the spammer
> generally just goes away.
I have one question and one comment to your suggestion.
Question: why spammers would go to your lower priority MX instead of first
going to your primary MX? Is that because on primary and only on primary
you have greylisting? Why not to have greylisting on all MX serving your
domain then? I'm in darkness about the logic behind doing it.
Comment: Majority of spammers were simple scripts that just spit all onto
your MX, but some time ago (over 5 years ago) many started using real mail
servers, likely someone's poorly set up mail servers to pipe whatever
their script spits out, and that real MX never "just goes away" it will
continue attempts to deliver all that to each of MX records of your domain
for a week. At least that is my observation lately (about them piping
through real mail servers).
> If you wish to get fancy then you can honey-pot the source address
> instead. The assigned address could be your own or be one of the
> public junk mail submission addresses a la project honeypot. Just
> make sure to clear this redirection with the intended recipient before
> doing so.
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
More information about the freebsd-questions