Man, they'll try anything to hack your system...
Bill McGonigle
bill at bfccomputing.com
Fri Jan 27 16:12:00 EST 2006
On Jan 27, 2006, at 14:03, Neil Schelly wrote:
> Technically, the SMTP spec says that a domain's blank address counts as the
> last MX record to try. So if gnhlug.org didn't have any MX records, then
> gnhlug.org itself should be tried. It may not be pretty, but according to
> the RFC, it's perfectly valid not to have an MX record for a domain.
Ah, yes quite right. These few were very strange. They were spams
that got through, which I usually look at to see how I can improve the
ruleset. If I recall correctly, the mails came from:
    a host in example.com
    the host's IP had a PTR in example.com
    the From: field was from foo at example2.com
    example2.com had a whois record, NS records, but no A or MX
        (the NS records were outside example2.com)
So, I thought, "well, what good is a mail that can't be replied to?"
Of course, it was advertising a website in example3.com for pills to do
something to your body so they weren't expecting any replies. Still,
it's better than a Joe Job, and more easily disqualified by an MTA. I,
of course, didn't have the right postfix rule in at the time.
-Bill
-----
Bill McGonigle, Owner Work: 603.448.4440
BFC Computing, LLC Home: 603.448.1668
bill at bfccomputing.com Cell: 603.252.2606
http://www.bfccomputing.com/ Page: 603.442.1833
Blog: http://blog.bfccomputing.com/
VCard: http://bfccomputing.com/vcard/bill.vcf
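
Added example (not part of the original message or of Postfix): a sketch of the sender-domain test discussed above, covering MX records, the implicit-MX fallback to the domain's own address record, and the NS-only case from the post. The zone data, the helper names, and the names nomx.example and nullmx.example are constructed for illustration; the null-MX case (a single MX pointing at ".") goes slightly beyond what the thread covers.

```python
# Constructed sample DNS data standing in for real lookups:
# name -> {record type: [values]}. MX values are (preference, host).
ZONE = {
    "example.com": {"MX": [(10, "mail.example.com")]},
    "mail.example.com": {"A": ["192.0.2.10"]},
    "nomx.example": {"A": ["192.0.2.20"]},           # no MX, but has an A record
    "example2.com": {"NS": ["ns1.example.net"]},     # NS only, as in the post
    "nullmx.example": {"MX": [(0, ".")], "A": ["192.0.2.30"]},
}

def lookup(zone, name, rtype):
    """Return the records of one type for a name ([] if none)."""
    return zone.get(name.lower().rstrip("."), {}).get(rtype, [])

def has_address(zone, name):
    """True if the name has an A or AAAA record."""
    return bool(lookup(zone, name, "A") or lookup(zone, name, "AAAA"))

def mail_targets(zone, domain):
    """Hosts an MTA would try for mail to `domain`, in order; [] if none."""
    mx = sorted(lookup(zone, domain, "MX"))
    if mx:
        # Null MX: the domain states that it accepts no mail at all.
        if len(mx) == 1 and mx[0][1] == ".":
            return []
        # Keep only MX hosts that actually resolve to an address.
        return [host for _, host in mx if has_address(zone, host)]
    # No MX at all: the domain itself is the implicit, last-resort MX.
    if has_address(zone, domain):
        return [domain.lower()]
    return []

def sender_verdict(zone, from_addr):
    """'reject' when a reply to from_addr could never be delivered."""
    domain = from_addr.rsplit("@", 1)[-1]
    return "accept" if mail_targets(zone, domain) else "reject"

if __name__ == "__main__":
    for addr in ("foo@example.com", "foo@nomx.example",
                 "foo@example2.com", "foo@nullmx.example"):
        print(addr, "->", sender_verdict(ZONE, addr))
```

Postfix's reject_unknown_sender_domain restriction applies a comparable test to the envelope sender (MAIL FROM) rather than to the From: header.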