[Mailman-Developers] Opening up a few can o' worms here...

John W Baxter jwblist@olympus.net
Tue, 16 Jul 2002 22:08:35 -0700 

At 17:28 -0700 7/16/2002, Chuq Von Rospach wrote:
>On 7/16/02 5:35 PM, "Bob Puff@NLE" <bob@nleaudio.com> wrote:
>
>> I've seen the next generation of spammer software at work recently.
>>Spammer's
>> machine makes direct SMTP connection to my box
>
>
>Actually, the REAL state of the art is that they look up your MX records,
>and do this to the HIGHEST ranked one (not the lowest). This is on the (it
>turns out, quite valid) assumption that it won't be spamblocked as well as
>the main MX relay is, but will be validated to forward stuff in to you. And
>where they're trying that, we're finding it works (grumble grr) damn well.
>
>Which means some of the assumptions we make on allowing, say, me on
>plaidworks to generate email as chuq@apple.com and forward it to someone at
>Apple are rapidly becoming obsolete, and how we design our backup MX systems
>need to be looked at, also.

The least-preferred MX ploy isn't terribly new.  They don't even have to
try the least-preferred first...just keep trying when rebuffed until one
works (what...5xx means permanent?...hah).

By the way, I saw a neighbor ISP shoot itself in the foot with a backup MX
a couple of years ago (they reacted very quickly and very well when I
called them, and fixed the problem, and now their mail goes to outsourced
scanning before reaching them anyhow).

They had their backup MX with a well known large provider and backbone (now
part of a very well known very troubled organisation (spelling
intentional)).  And their backup MX got into one of the relay blocking
lists.  And it was an RBL they used (without exempting their own backup MX
from checking).

It took a bit of header reading to figure out why we sometimes couldn't
send mail to them but the bounces weren't immediate.  But only a bit.

I don't think one can reasonably use a backup MX one doesn't control, these
days (I suppose for Apple, that means Austin backs up Cupertino, and...).

   --John

-- 
John Baxter   jwblist@olympus.net      Port Ludlow, WA, USA