Spam and extra MX records
Neil Joseph Schelly
neil at jenandneil.com
Tue Apr 15 09:44:35 EDT 2008

Not Linux-specific per se, but mail and DNS servers can and do run in Linux,
so I figure I'm more on-topic than usual. I'm curious what opinions others
have, especially negative ones, about a strategy to prevent spam from coming into
your mail server. I've read a couple suggestions which make a good deal of
sense to me, but just feel wrong.

1 - Set a fake MX record for a nonexistent server, or for a server that won't
listen on port 25 for your _highest_ MX value. Since a lot of spam will skip
your lowest MX (primary) right away for a less-loaded backup MX with
potentially less reliable spam filtering in place, the assumption is that a
lot more spam will make it through a backup MX. I've already confirmed that
that does happen a lot. The theory here is that by setting a non-operational
backup MX record, spam bots will try and then give up on sending spam your
way. Real mail should never try the fake MX record unless all your real mail
servers are down, in which case, you've got other issues to worry about.

2 - Set a fake MX record for a nonexistent server, or for a server that won't
listen on port 25 for your _lowest_ MX value. Essentially, this would make
it look like your primary mail server is always down and every incoming
message would have to get retried to your first "backup" MX. Again, the
assumption is that spam bots will give up after failing to send to the first
MX they try, whereas real email will try your next higher MX record in
priority until it completes a delivery.

I'm curious if others have implemented these strategies and if they've ever
gotten complaints from other mail administrators for any increased load. I
can't imagine it would be noticed honestly and the logic of making it work
sounds promising, even if it is just a pretty bad hack to fool spam bots.
Has anyone ever run into problems with this sort of arrangement?
-N
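
Added example, not part of the original post: a small simulation of the two arrangements described above, run against a sender that walks MX records in preference order and against the two bot behaviours the post assumes. Hostnames, preference values and function names are constructed for illustration.

```python
# Constructed sample data: hostnames and preference values are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class MX:
    pref: int        # lower value = tried first by a compliant sender
    host: str
    listening: bool  # False models the fake record (nothing on port 25)

def compliant_mta(mxs):
    """RFC 5321 sender: walk MX records in ascending preference until one accepts."""
    attempts = []
    for mx in sorted(mxs, key=lambda m: m.pref):
        attempts.append(mx.host)
        if mx.listening:
            return mx.host, attempts
    return None, attempts  # every MX down: the message is queued and retried later

def bot_highest_only(mxs):
    """Bot assumed in strategy 1: goes straight to the highest-value MX, no fallback."""
    mx = max(mxs, key=lambda m: m.pref)
    return (mx.host if mx.listening else None), [mx.host]

def bot_first_only(mxs):
    """Bot assumed in strategy 2: tries the lowest-value MX once and gives up."""
    mx = min(mxs, key=lambda m: m.pref)
    return (mx.host if mx.listening else None), [mx.host]

REAL = [MX(10, "mail.example.org", True), MX(20, "backup.example.org", True)]
STRATEGY_1 = REAL + [MX(90, "fake.example.org", False)]  # fake highest MX
STRATEGY_2 = [MX(5, "fake.example.org", False)] + REAL   # fake lowest MX

def report(mxs):
    """Return {sender: (host that accepted or None, hosts tried in order)}."""
    senders = {"compliant": compliant_mta, "bot_highest": bot_highest_only,
               "bot_first": bot_first_only}
    return {name: fn(mxs) for name, fn in senders.items()}

if __name__ == "__main__":
    for label, zone in (("strategy 1", STRATEGY_1), ("strategy 2", STRATEGY_2)):
        for name, (dest, tried) in report(zone).items():
            print(f"{label:11} {name:12} delivered_to={dest} tried={tried}")
```

Under these assumptions each arrangement stops only the bot behaviour it was designed for, and strategy 2 costs every legitimate sender one failed connection attempt per message before delivery.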