Christopher Bort wrote:
This is really not a SpamAssassin issue, but since this list is
populated by people who are interested in spammer behavior, I'm throwing
it out for comment. If it's too far off topic, my apologies and I'll let
it go at that.

At $DAYJOB I run a mail server and a name server for several domains,
both our own and for clients. At home, I run a mail server and a name
server for a couple of personal domains. The home name server is a slave
for most of the domains hosted at $DAYJOB. The home mail server is _not_
configured to handle mail for any of the $DAYJOB domains and it is _not_
an MX for any of those domains. The only connection is that it is an NS
for the $DAYJOB domains. These domains _do_ have $DAYJOB mail server as
their MX.

For a while now, I've been seeing attempts to send mail to the home
server for addresses in $DAYJOB domains. This is not a problem since the
volume is low and they are being properly rejected as third-party relay
attempts (authentication required - relay not permitted). However, the
fact that someone is apparently trying to send mail to an NS instead of
an existing MX has piqued my curiosity. It looks like it's all spam (the
sender addresses tend to support that). So, has anyone else seen this
sort of behavior and what could be the rationale for trying to deliver
mail to an NS like this?

I have. I have also seen attempts to send to the A record as well. I see
no rational explanation except for the hope a poorly configured server
running multiple services (DNS, Web, Mail, etc.) will let something slip
through.
DAve
--
Don't tell me I'm driving the cart!
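
Added example (not part of either post above): one way to measure the behavior discussed in this thread is to group rejected relay attempts by whether the recipient domain lists this host as an NS or A target without listing it as an MX. The Postfix-style log lines, host names, IP addresses and zone data are all constructed assumptions, since the thread names no MTA or domains.

```python
import re
from collections import Counter, defaultdict

# Constructed Postfix-style reject lines (assumption: the thread names no MTA).
SAMPLE_LOG = """\
Jan 12 03:14:07 home postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <bob@dayjob.example>: Relay access denied; from=<a@bulk.example> to=<bob@dayjob.example> proto=ESMTP helo=<x>
Jan 12 03:20:41 home postfix/smtpd[2214]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <info@client.example>: Relay access denied; from=<b@bulk.example> to=<info@client.example> proto=ESMTP helo=<y>
Jan 12 04:02:13 home postfix/smtpd[2230]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <joe@other.example>: Relay access denied; from=<c@bulk.example> to=<joe@other.example> proto=ESMTP helo=<z>
Jan 12 04:05:00 home postfix/smtpd[2231]: connect from unknown[198.51.100.7]
"""

# Constructed identity of the host whose log is analysed, and a constructed
# snapshot of the zones it serves; in practice load these from your zone files.
HOST_NAMES = {"ns.home.example"}
HOST_IPS = {"192.0.2.80"}
ZONES = {
    "dayjob.example": {"MX": {"mail.dayjob.example"},
                       "NS": {"ns1.dayjob.example", "ns.home.example"},
                       "A": {"192.0.2.10"}},
    "client.example": {"MX": {"mail.dayjob.example"},
                       "NS": {"ns1.dayjob.example"},
                       "A": {"192.0.2.80"}},
}

REJECT = re.compile(r"reject: RCPT from \S+\[([^\]]+)\]: 55\d .*?Relay access denied;"
                    r" from=<[^>]*> to=<[^>@]+@([^>]+)>")

def classify(domain):
    """Say how a recipient domain's DNS records relate to this host."""
    zone = ZONES.get(domain)
    if zone is None:
        return "unrelated"      # plain open-relay probe
    if zone["MX"] & HOST_NAMES:
        return "is-mx"          # legitimate target; the reject is a config issue
    if zone["NS"] & HOST_NAMES:
        return "ns-not-mx"      # the pattern described in the first post
    if zone["A"] & HOST_IPS:
        return "a-not-mx"       # the A-record variant mentioned in the reply
    return "unrelated"

def summarize(log_text):
    """Count rejected relay attempts per recipient domain, grouped by category."""
    out = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            domain = m.group(2).lower()
            out[classify(domain)][domain] += 1
    return out
```
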