"Alan J. Flavell" <[EMAIL PROTECTED]> said, in message [EMAIL PROTECTED]:
> > I've been meaning to do something like this for a while. The
> > corollary would be, after moving the IP, to firewall the old IP and
> > watch the firewall logs.
>
> OK, I wasn't sure if my throwaway remark above would raise any
> interest, but, as it has (thanks for reporting the results of your
> experiment!), maybe I could add just a bit of detail.

It's interesting just how crazy some of this spamware is! I wonder what percentage of the world's MX records (when resolved down to the IP address level) have stayed the same over the course of 2.5 years (which is the highest figure I can prove from my logs).

I've spotted one possible problem with this approach here. Someone who controls the DNS for a domain could register an MX record pointing to a machine on our network. If they then mail an address at that domain from e.g. hotmail, hotmail will attempt to connect to it and the firewall will log it, leading to the blacklisting of one of hotmail's outbound servers.

I've discovered this because someone appears to have done just that (well, they've hit messagelabs, but still...)!

Cheers,
Alun.

p.s. 2007 hosts and counting.

--
Alun Jones                      [EMAIL PROTECTED]
Systems Support,                (01970) 62 2494
Information Services, University of Wales, Aberystwyth

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
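An added illustration, not part of the message above or of Exim: one way to process the firewall log for the retired MX address so that hits from known legitimate relays are held for review instead of being blacklisted automatically. The IP addresses, the log format, the `TRUSTED_RELAYS` list and the `MIN_DAYS` threshold are all assumptions constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values for this sketch; none of them come from the post.
OLD_MX_IP = "192.0.2.25"   # retired MX address, now firewalled and logged
TRUSTED_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]  # known legitimate outbound mail ranges
MIN_DAYS = 2               # distinct days a source must appear before it is listed

# Constructed sample in an iptables-LOG-like format.
SAMPLE_LOG = """\
Mar  1 10:00:01 fw kernel: OLDMX IN=eth0 SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP SPT=40001 DPT=25
Mar  2 11:30:12 fw kernel: OLDMX IN=eth0 SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP SPT=40444 DPT=25
Mar  2 11:31:00 fw kernel: OLDMX IN=eth0 SRC=198.51.100.14 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=25
Mar  3 09:00:00 fw kernel: OLDMX IN=eth0 SRC=198.51.100.14 DST=192.0.2.25 PROTO=TCP SPT=51002 DPT=25
Mar  3 09:05:00 fw kernel: OLDMX IN=eth0 SRC=203.0.113.99 DST=192.0.2.25 PROTO=TCP SPT=40100 DPT=25
Mar  3 09:06:00 fw kernel: OLDMX IN=eth0 SRC=203.0.113.50 DST=192.0.2.80 PROTO=TCP SPT=40100 DPT=25
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+) .*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")


def classify(log_text):
    """Sort sources that hit the old MX on port 25 into three buckets."""
    days_seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        day, src, dst, dport = m.groups()
        if dst == OLD_MX_IP and dport == "25":
            days_seen[src].add(day)

    result = {"blacklist": [], "review": [], "pending": []}
    for src, days in sorted(days_seen.items()):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in TRUSTED_RELAYS):
            # A third party may have pointed an MX record at the old IP to
            # make a legitimate relay trip the trap: never auto-list these.
            result["review"].append(src)
        elif len(days) >= MIN_DAYS:
            result["blacklist"].append(src)
        else:
            result["pending"].append(src)
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

The allowlist only covers relays already known to be legitimate; a hit from one of them is a cue to look for a foreign MX record resolving to the old address.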
