Christopher Bort wrote:
This is really not a SpamAssassin issue, but since this list is
populated by people who are interested in spammer behavior, I'm
throwing it out for comment. If it's too far off topic, my apologies
and I'll let it go at that.

At $DAYJOB I run a mail server and a name server for several domains,
both our own and for clients. At home, I run a mail server and a name
server for a couple of personal domains. The home name server is a
slave for most of the domains hosted at $DAYJOB. The home mail server
is _not_ configured to handle mail for any of the $DAYJOB domains and
it is _not_ an MX for any of those domains. The only connection is
that it is an NS for the $DAYJOB domains. These domains _do_ have
$DAYJOB mail server as their MX.

For a while now, I've been seeing attempts to send mail to the home
server for addresses in $DAYJOB domains. This is not a problem since
the volume is low and they are being properly rejected as third-party
relay attempts (authentication required - relay not permitted).
However, the fact that someone is apparently trying to send mail to an
NS instead of an existing MX has piqued my curiosity. It looks like
it's all spam (the sender addresses tend to support that). So, has
anyone else seen this sort of behavior and what could be the rationale
for trying to deliver mail to an NS like this?

I don't consider it off topic at all. I'm going to look into this. Seems
like a way to feed right into my blacklist.