Michael,

If you can't lock down the mail server, just change the IP once all of the MX records no longer point to that box. As far as I can tell, they don't cache the MX records, they only cache the IP that the old MX records resolved to. I was concerned about the possibility of spammers guessing mail.domain.tld, but I have found only evidence of old IPs being cached so far.

Matt



Michael Jaworski wrote:

Absolutely! Once we installed a Postfix gateway and updated the MX records
for a particular domain under constant dictionary attacks we dramatically
cut down the network flood of unknown users. However, that domain is still
getting a smaller flood of unknown-user spam at the old location. We suspect
they are doing a port scan and/or just trying mail.domainname.tld, which was
the original. Our next step is to get all our customers for that domain to
move to a different domain name for SMTP and POP addresses. Would love to bypass
the process of elimination and go to the heart of the spammer bypass.

Michael Jaworski
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dan Geiser
Sent: Thursday, November 18, 2004 7:32 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Interesting Spamming Technique


Hello, All,

In addition to doing spam filtering for some of our IMail hosting customers we also do Store and Forward filtering for a few domains. In the past day or so I've had complaints from Store and Forward customers about an increase in spam. When I check the headers of the e-mail they are sending to me I don't see any indication that the e-mail was routed through us and NOT picked up as spam. Instead it looks like the mail was delivered directly to their e-mail servers and did the end around our Store and Forward.

The thing is I have no idea how the spammer even knew the direct IP addresses of our customers because those don't show up anywhere in their DNS records. Although I guess they could just be running port scans and checking for responses on port 25 and attempting delivery of spam that way without using DNS lookups.

But part of the IMail Store and Forward documentation involves locking down the SMTP server to only accept e-mail from the relaying IP address. I'm 99% sure that we had the customers lock down their incoming e-mail to only accept connections from us but I need to confirm that. In the meantime has anyone noticed an increase in this direct delivery method which basically ignores the current DNS system?

Thanks In Advance,
Dan Geiser
[EMAIL PROTECTED]


-----------------------------------------------------------------------
Sign up for virus-free and spam-free e-mail with Nexus Technology Group http://www.nexustechgroup.com/mailscan


---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To unsubscribe,
just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe
Declude.JunkMail".  The archives can be found at
http://www.mail-archive.com.






-- 
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================

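The header check Dan describes above (looking at a customer's Received: trace for evidence that the mail went through the store-and-forward relay, and flagging anything the customer's server accepted directly from the internet) as an added example. It is not part of this thread and is not code from IMail, Declude or Postfix. The relay address 192.0.2.10, the host names and the three sample messages are constructed from the RFC 5737 documentation ranges; substitute your own relay addresses.

```python
"""Flag mail that reached a customer's server without passing through the
store-and-forward relay, by reading the Received: trace.

Added example for this thread, not code from any poster or product. The
relay address, host names and all three messages below are constructed."""
import email
import re

# Assumed: public address(es) of the store-and-forward filter. Constructed.
RELAY_IPS = {"192.0.2.10"}

# Matches the "from <helo> (... [ip]) by <host>" clause most MTAs write.
# re.S lets .*? span the folded continuation lines of a Received: header.
_HOP = re.compile(
    r"\bfrom\s+(\S+).*?[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])].*?\bby\s+(\S+)", re.S
)


def received_hops(raw):
    """Return (helo_name, source_ip, receiving_host) for each Received: header,
    newest first, i.e. in the order the headers appear in the message."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        m = _HOP.search(hdr)
        if m:
            hops.append(m.groups())
    return hops


def delivered_direct(raw, customer_host, relay_ips=RELAY_IPS):
    """True if the customer's own MTA accepted this message from an address
    that is not the relay (direct-to-MX delivery); False if it came via the
    relay. Only the newest Received: line written by customer_host is
    trusted: everything below it was supplied by the sender and is forgeable."""
    for _helo, source_ip, by_host in received_hops(raw):
        if by_host.lower() == customer_host.lower():
            return source_ip not in relay_ips
    raise ValueError(f"no Received: line written by {customer_host}")


# Constructed sample 1: normal path, sender -> filter -> customer's IMail box.
VIA_RELAY = """\
Received: from filter.example.net (filter.example.net [192.0.2.10])
\tby mail.customer.example (IMail 8.1) with SMTP id 1; Thu, 18 Nov 2004 07:32:00 -0500
Received: from sender.example.org (sender.example.org [198.51.100.7])
\tby filter.example.net (Postfix) with ESMTP id 2; Thu, 18 Nov 2004 07:31:58 -0500
From: alice@example.org
To: bob@customer.example
Subject: routed through the filter

hello
"""

# Constructed sample 2: spammer connected straight to the customer's port 25.
DIRECT = """\
Received: from unknown (HELO mail.customer.example) (203.0.113.44)
\tby mail.customer.example (IMail 8.1) with SMTP id 3; Thu, 18 Nov 2004 08:05:12 -0500
From: deals@example.com
To: bob@customer.example
Subject: direct to the old address

buy now
"""

# Constructed sample 3: direct delivery with a forged "via the relay" line
# supplied by the sender. It sits below the genuine line, so it is ignored.
FORGED = """\
Received: from unknown (HELO mail.customer.example) (203.0.113.44)
\tby mail.customer.example (IMail 8.1) with SMTP id 4; Thu, 18 Nov 2004 08:06:40 -0500
Received: from filter.example.net (filter.example.net [192.0.2.10])
\tby mail.customer.example (IMail 8.1) with SMTP id 0; Thu, 18 Nov 2004 08:06:39 -0500
From: deals@example.com
To: bob@customer.example
Subject: forged relay hop

buy now
"""

if __name__ == "__main__":
    for raw in (VIA_RELAY, DIRECT, FORGED):
        subject = email.message_from_string(raw)["Subject"]
        verdict = delivered_direct(raw, "mail.customer.example")
        print(f"{subject}: direct delivery = {verdict}")
```

The check keys on the hop *written by the customer's own server* rather than on the relay's address appearing anywhere in the trace, because a sender controls every Received: line below the one your MTA adds. A run of True verdicts on a customer's recent spam is the direct evidence that their port 25 is still reachable from arbitrary addresses and that the lock-down to the relaying IP (firewall or MTA access list) is not in place.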
