Comments on: Virus and spam ignores MX records

by: Lemat

Thu, 22 Sep 2005 09:43:45 +0000

I have seen such behaviour a few years ago, I recommend having exactly the same configuration (blacklists, whitelists, body patterns etc.) on primary and backup MXes. The primary MX should have it’s backups whitelisted to avoid unnecessary DSNs sent to the forged sender adresses - such behaviour is even worse than having a virus! Many lame postmasters don’t know that there should be postmaster@ and abuse@ email adresses for every domain they have (and they must be whitelisted) to be able to contact them.

by: Administrator

Tue, 20 Sep 2005 06:59:26 +0000

Except in one case I saw, the misused server wasn’t in the MX records. Maybe they were once upon a time, but not anymore at least.

by: fsteinel

Mon, 19 Sep 2005 23:07:15 +0000

Usually the Spammer uses the backup MX, meaning the MX with the hihgest “number”, e.g.
example.com. IN MX 30 viruscheck-mx.example.com.
example.com. IN MX 80 dumb-mx.example.com.
The spammer picks dumb-mx.example.com.