Justin Mason wrote:
Michael Scheidell writes:
Raul Dias wrote:
On Sun, 2007-01-28 at 22:26 -0500, Michael Scheidell wrote:
Better yet, just block port 25 TO that ip address and spammers will not
even get the chance t send you spam. They just try for the highest mx
and give up.
Because some of them will try a lower MX then.
Right now, I am experiencing this:
@ MX 1 fake.domain
@ MX 10 real.domain
@ MX 100 mx2.domain
@ MX 1000 fake.domain
fake.domain have no ip address
Watch out for www.rfc-ignorant.org... if 'no ip address', you could get
your domain blacklisted.
yep -- really, the only way to avoid RFCi listing with this trick,
as far as I can see, is to list a genuine (but firewalled) address.
It doesn't have to be firewalled. It just has to be non-answering on
port 25. It's called "nolisting".
I've thought about doing something similar. Nolisting only says:
MX 1 non-answering.host
MX 10 real.host
But adding the non-answering host to the end seems like a good idea to
me (for all of the spammers that try to attack the secondaries).
There IS a risk of losing mail. But only if the sender is a non-RFC
compliant MTA. Which, in theory, might be legit.. but I bet in
practice, for this particular RFC issue, it's a near zero level of risk.
