[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] host named "mail" that is not an MX

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Markus Stumpf writes:
> On Thu, Jun 02, 2005 at 12:42:35PM -0700, william(at)elan.net wrote:
> > First I heard of it, but it would sure explain some things as to why I
> > still receive on my mail server messages for old domains no longer there
> > that we're not even relaying for. I never kept any statistics though and 
> > don't think its significant (but maybe its just because those domains have 
> > always had less mail than active ones).
> 
> I've seen this on some of our central mailservers, too. IMHO this is
> because of stale DNS entries in broken DNS caching software. But I have
> always wondered why e.g. mail.space.net is spammed with mails for
> @space.net even if it is not in the MX list. This is not because of stale
> DNS entries (the MX has never been there).
> IMHO spammers think that if a mail.example.com exists and accepts mails
> (aka port 25 is connected) but is not the MX it may be a "shielded" weak
> server and the official best MX runs antispam and antivirus software but the
> hidden mailserver is an easy victim.

aha, that's it, you're right.  This is the Postini recommended
configuration, from what I've heard, so that probably explains it.
(handy to know, if you're running into Postini FP'ing on your mail ;)
e.g.:

: jm 358...; dig infoworld.com mx

; <<>> DiG 9.2.4 <<>> infoworld.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50691
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;infoworld.com.                 IN      MX

;; ANSWER SECTION:
infoworld.com.          86400   IN      MX      300 infoworld.com.s8b1.psmtp.com.
infoworld.com.          86400   IN      MX      400 infoworld.com.s8b2.psmtp.com.
infoworld.com.          86400   IN      MX      100 infoworld.com.s8a1.psmtp.com.
infoworld.com.          86400   IN      MX      200 infoworld.com.s8a2.psmtp.com.

;; AUTHORITY SECTION:
infoworld.com.          40465   IN      NS      ns1.infoworld.com.
infoworld.com.          40465   IN      NS      ns1.infoworldtestcenter.com.
infoworld.com.          40465   IN      NS      ns2.infoworld.com.
infoworld.com.          40465   IN      NS      ns3.infoworld.com.

;; ADDITIONAL SECTION:
ns1.infoworld.com.      20056   IN      A       64.95.97.72
ns1.infoworldtestcenter.com. 98495 IN   A       207.217.205.3
ns2.infoworld.com.      32907   IN      A       206.14.107.138
ns3.infoworld.com.      32907   IN      A       206.14.107.135

;; Query time: 31 msec
;; SERVER: 204.127.198.19#53(204.127.198.19)
;; WHEN: Thu Jun  2 17:34:44 2005
;; MSG SIZE  rcvd: 346

: exit=0 Thu Jun  2 17:34:44 PDT 2005; cd /home/jm/ftp/spamassassin/t
: jm 359...; telnet mail.infoworld.com 25
Trying 64.95.97.93...
Connected to mail1.infoworld.com.
Escape character is '^]'.
220 mail1.infoworld.com ESMTP Postfix (Debian/GNU)
^]
telnet> q
Connection closed.


- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFCn6XlMJF5cimLx9ARArn5AJ0Qx3vOsoy4UxzvhNuGXB7w+bkImwCeO6Yn
ze2n9vq6shYbBZJdS6U3W3E=
=hKzG
-----END PGP SIGNATURE-----


_______________________________________________
Asrg mailing list
Asrg at ietf.org
https://www1.ietf.org/mailman/listinfo/asrg