This is really not a SpamAssassin issue, but since this list is
populated by people who are interested in spammer behavior, I'm
throwing it out for comment. If it's too far off topic, my
apologies and I'll let it go at that.

At $DAYJOB I run a mail server and a name server for several
domains, both our own and for clients. At home, I run a mail
server and a name server for a couple of personal domains. The
home name server is a slave for most of the domains hosted at
$DAYJOB. The home mail server is _not_ configured to handle mail
for any of the $DAYJOB domains and it is _not_ an MX for any of
those domains. The only connection is that it is an NS for the
$DAYJOB domains. These domains _do_ have the $DAYJOB mail server as
their MX.

For a while now, I've been seeing attempts to send mail to the
home server for addresses in $DAYJOB domains. This is not a
problem since the volume is low and they are being properly
rejected as third-party relay attempts (authentication required
- relay not permitted). However, the fact that someone is
apparently trying to send mail to an NS instead of an existing
MX has piqued my curiosity. It looks like it's all spam (the
sender addresses tend to support that). So, has anyone else seen
this sort of behavior and what could be the rationale for trying
to deliver mail to an NS like this?
--
Christopher Bort
<[EMAIL PROTECTED]>
<http://www.thehundredacre.net/>