Re: [Asrg] host named "mail" that is not an MX

2005-06-02 17:37:21

Markus Stumpf writes:
> On Thu, Jun 02, 2005 at 12:42:35PM -0700, william(at)elan.net wrote:
> > First I heard of it, but it would sure explain some things as to why I
> > still receive on my mail server messages for old domains no longer there
> > that we're not even relaying for. I never kept any statistics though and
> > don't think it's significant (but maybe it's just because those domains have
> > always had less mail than active ones).
>
> I've seen this on some of our central mailservers, too. IMHO this is
> because of stale DNS entries in broken DNS caching software. But I have
> always wondered why e.g. mail.space.net is spammed with mails for
> @space.net even if it is not in the MX list. This is not because of stale
> DNS entries (the MX has never been there).
> IMHO spammers think that if a mail.example.com exists and accepts mails
> (aka port 25 is connected) but is not the MX it may be a "shielded" weak
> server and the official best MX runs antispam and antivirus software but the
> hidden mailserver is an easy victim.

aha, that's it, you're right.  This is the Postini recommended
configuration, from what I've heard, so that probably explains it.
(handy to know, if you're running into Postini FP'ing on your mail ;)
e.g.:

: jm 358...; dig infoworld.com mx

; <<>> DiG 9.2.4 <<>> infoworld.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50691
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;infoworld.com.                 IN      MX

;; ANSWER SECTION:
infoworld.com.          86400   IN      MX      300 infoworld.com.s8b1.psmtp.com.
infoworld.com.          86400   IN      MX      400 infoworld.com.s8b2.psmtp.com.
infoworld.com.          86400   IN      MX      100 infoworld.com.s8a1.psmtp.com.
infoworld.com.          86400   IN      MX      200 infoworld.com.s8a2.psmtp.com.

;; AUTHORITY SECTION:
infoworld.com.          40465   IN      NS      ns1.infoworld.com.
infoworld.com.          40465   IN      NS      ns1.infoworldtestcenter.com.
infoworld.com.          40465   IN      NS      ns2.infoworld.com.
infoworld.com.          40465   IN      NS      ns3.infoworld.com.

;; ADDITIONAL SECTION:
ns1.infoworld.com.      20056   IN      A       64.95.97.72
ns1.infoworldtestcenter.com. 98495 IN   A       207.217.205.3
ns2.infoworld.com.      32907   IN      A       206.14.107.138
ns3.infoworld.com.      32907   IN      A       206.14.107.135

;; Query time: 31 msec
;; SERVER: 204.127.198.19#53(204.127.198.19)
;; WHEN: Thu Jun  2 17:34:44 2005
;; MSG SIZE  rcvd: 346

: exit=0 Thu Jun  2 17:34:44 PDT 2005; cd /home/jm/ftp/spamassassin/t
: jm 359...; telnet mail.infoworld.com 25
Trying 64.95.97.93...
Connected to mail1.infoworld.com.
Escape character is '^]'.
220 mail1.infoworld.com ESMTP Postfix (Debian/GNU)
^]
telnet> q
Connection closed.


--j.
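
The check carried out by hand in the message above (compare the MX set with hosts that answer on port 25), as an added example that is not part of the original message. It is for auditing your own domain; the probe results, the `www` entry and the filter banner are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample: the ANSWER section from the dig output above, with the
# first record left folded across two lines the way list archives wrap it.
DIG_ANSWER = """\
infoworld.com.          86400   IN      MX      300
infoworld.com.s8b1.psmtp.com.
infoworld.com.          86400   IN      MX      400 infoworld.com.s8b2.psmtp.com.
infoworld.com.          86400   IN      MX      100 infoworld.com.s8a1.psmtp.com.
infoworld.com.          86400   IN      MX      200 infoworld.com.s8a2.psmtp.com.
"""

# Constructed probe results: host -> greeting seen on port 25 (None = no answer).
PROBES = {
    "mail.infoworld.com": "220 mail1.infoworld.com ESMTP Postfix (Debian/GNU)",
    "www.infoworld.com": None,
    "infoworld.com.s8a1.psmtp.com": "220 constructed-filter.example ESMTP",
}

MX_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$", re.I)
HEAD_RE = re.compile(r"^\S+\s+\d+\s+IN\s+MX\s+\d+$", re.I)  # record cut before the exchanger

def norm(name):
    return name.rstrip(".").lower()

def parse_mx(answer_text):
    """Return [(preference, exchanger)] sorted by preference, rejoining folded records."""
    records, pending = [], ""
    for line in answer_text.splitlines():
        line = line.strip()
        m = MX_RE.match((pending + " " + line).strip())
        if m:
            records.append((int(m.group(3)), norm(m.group(4))))
            pending = ""
        else:
            # Remember a record head so the exchanger on the next line completes it.
            pending = line if HEAD_RE.match(line) else ""
    return sorted(records)

def smtp_listeners_outside_mx(mx_records, probes):
    """Hosts that greet with 220 on port 25 but are not published as an MX."""
    mx_hosts = {host for _, host in mx_records}
    return sorted(norm(h) for h, banner in probes.items()
                  if banner and banner.startswith("220") and norm(h) not in mx_hosts)

if __name__ == "__main__":
    mx = parse_mx(DIG_ANSWER)
    print(smtp_listeners_outside_mx(mx, PROBES))
```

A host reported here accepts mail directly, so messages sent to it never pass through the filtering that the published MX records point at.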

