ram wrote:
On Fri, 2008-07-25 at 18:15 +0200, Jonas Eckerman wrote:
[snip]
I think I still miss the point. How can someone else declare the MX of
my domain. ( dns poisoning ignored ). If that were possible , he would
be getting my mails which is much more a serious issue
- I buy a domain, say foobar.example.
- I declare the MX to point to your IP (your mailserver or anything else)
- I write a message from [EMAIL PROTECTED] to sales/infos/jobs/....
at some company, or I send a subscription request to a mailing-list
- said company or mailing-list will then connect your your server trying
to delivered to [EMAIL PROTECTED]
- you consider this as a relay attempt and blocklist the _innocent_
client IP.
is it clear now?
in short, if you see mail coming in that shouldn't come in, don't list
the source without investigation.
Anyway for the stats I just created two brand new "A" records with
mail.domain.com just for testing , and pointed to a fake smtp server
No Mxes pointing to that IP so no real mail should come here
For the last 3 days , 154 distinct ips have connected and of them 144
are already listed in zen.spamhaus.org
So it doesnt seem to be a very useful effort afterall to list those
ips :-(. I would have blocked those mails with spamhaus anyway
for people who want to reduce external calls (for both their good and
that of spamhaus and friends), a local blacklist is advantageous.
however, it doesn't come for free. you need to be careful when listing
an IP, and you need to maintain the list (machines get fixed, IPs get
reassigned, ... etc). if this is too much work, then forget about it.
