fake MX records

[ram <ra...@netcore.co.in>]

http://wiki.apache.org/spamassassin/OtherTricks    this page mentions
setting up fake MXes 

Is this method relevant today too with a lot of spam being relayed
through proper smtp channels 

The page says the primary MX should not be accepting connections at all.
Has anyone else tried this , will this cause delay in my mail 


Thanks
Ram

Re: fake MX records

[Kai Schaetzl <ma...@conactive.com>]

Marc Perkel wrote on Tue, 14 Aug 2007 14:52:22 -0700:

> So what do you attribute my success in getting rid of all bot spam to?

As I don't know your setup this would be pure speculation. However, as *I* 
am not using fake MXs, but several other MTA techniques and see not much 
Botnet spam either I would suspect that it's rather the other techniques 
that cut it.
On the other hand, I wonder how you can collect so much spam or spammer 
IPs (as you claim and I believe it) if no Botnet spam reaches you.

Please, don't use HTML on mailing lists, thanks!

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: fake MX records

["Daryl C. W. O'Shea" <sp...@dostech.ca>]

On 8/15/2007 11:46 AM, Marc Perkel wrote:
> 
> 
> Daryl C. W. O'Shea wrote:
>> On 8/14/2007 5:52 PM, Marc Perkel wrote:
>>>
>>>
>>> Kai Schaetzl wrote:
>>>> Marc Perkel wrote on Tue, 14 Aug 2007 07:13:16 -0700:
>>>>
>>>>  
>>>>> I'm using it on 1600 domains and it definitely works. I get not bot 
>>>>> spam at all.
>>>>>     
>>>>
>>>> I doubt that this is because you have a fake low MX.
>>>>
>>>> Kai
>>>>   
>>>
>>> So what do you attribute my success in getting rid of all bot spam to?
>>
>> Perhaps to the other "hundreds or tricks" that you've repeatedly 
>> claimed you use to block 99% of spam before it gets to SpamAssassin?
> 
> Maybe I have a better idea about what's working on my servers than you 
> do. Having fake high and low MX records will get rid of almost all of 
> your bot spam. It's that easy.

Maybe, if you weren't just trying to troll, you wouldn't ask for what 
others "attribute your success to" and then get all pissy when they respond.

Regardless, if you really believe that you never fail to receive mail 
from others attempting to send mail to your customers you're (i) lying 
to yourself or simply lack understanding of the reality of the MTA 
landscape and (ii) are doing your customers a huge disservice -- more of 
a disservice than if you still used a "fake MX" but at least realized 
the reality of the consequences that you continuously deny.


Daryl

Re: fake MX records

[Marc Perkel <ma...@perkel.com>]

Daryl C. W. O'Shea wrote:
> On 8/14/2007 5:52 PM, Marc Perkel wrote:
>>
>>
>> Kai Schaetzl wrote:
>>> Marc Perkel wrote on Tue, 14 Aug 2007 07:13:16 -0700:
>>>
>>>  
>>>> I'm using it on 1600 domains and it definitely works. I get not bot 
>>>> spam at all.
>>>>     
>>>
>>> I doubt that this is because you have a fake low MX.
>>>
>>> Kai
>>>   
>>
>> So what do you attribute my success in getting rid of all bot spam to?
>
> Perhaps to the other "hundreds or tricks" that you've repeatedly 
> claimed you use to block 99% of spam before it gets to SpamAssassin?

Maybe I have a better idea about what's working on my servers than you 
do. Having fake high and low MX records will get rid of almost all of 
your bot spam. It's that easy.

>
>

Re: fake MX records

["Daryl C. W. O'Shea" <sp...@dostech.ca>]

On 8/14/2007 5:52 PM, Marc Perkel wrote:
> 
> 
> Kai Schaetzl wrote:
>> Marc Perkel wrote on Tue, 14 Aug 2007 07:13:16 -0700:
>>
>>   
>>> I'm using it on 1600 domains and it definitely works. I get not bot spam 
>>> at all.
>>>     
>>
>> I doubt that this is because you have a fake low MX.
>>
>> Kai
>>   
> 
> So what do you attribute my success in getting rid of all bot spam to?

Perhaps to the other "hundreds or tricks" that you've repeatedly claimed 
you use to block 99% of spam before it gets to SpamAssassin?

Re: fake MX records

[Marc Perkel <ma...@perkel.com>]

Kai Schaetzl wrote:
> Marc Perkel wrote on Tue, 14 Aug 2007 07:13:16 -0700:
>
>   
>> I'm using it on 1600 domains and it definitely works. I get not bot spam 
>> at all.
>>     
>
> I doubt that this is because you have a fake low MX.
>
> Kai
>   

So what do you attribute my success in getting rid of all bot spam to?

Re: fake MX records

[Kai Schaetzl <ma...@conactive.com>]

Marc Perkel wrote on Tue, 14 Aug 2007 07:13:16 -0700:

> I'm using it on 1600 domains and it definitely works. I get not bot spam 
> at all.

I doubt that this is because you have a fake low MX.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com

Re: fake MX records

[Marc Perkel <ma...@perkel.com>]

Kshatriya wrote:
> On Tue, 14 Aug 2007, ram wrote:
>
>> The page says the primary MX should not be accepting connections at all.
>> Has anyone else tried this , will this cause delay in my mail
>
> It almost doesn't work anymore. Better try adaptive greylisting, with 
> some whitelists so you don't notice too much of delays.
>
> K.
>
>

I'm using it on 1600 domains and it definitely works. I get not bot spam 
at all. I didn't even know what PDF spam was untill I was it discussed here.

Re: fake MX records

[Robert Schetterer <ro...@schetterer.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kshatriya schrieb:
> On Tue, 14 Aug 2007, ram wrote:
> 
>> The page says the primary MX should not be accepting connections at all.
>> Has anyone else tried this , will this cause delay in my mail
> 
> It almost doesn't work anymore. Better try adaptive greylisting, with
> some whitelists so you don't notice too much of delays.
> 
> K.
> 
fake mx do work, but dont expect to much, as most of the
bots learned to come again to defend greylisting , they also
learned fake mx.
you will have a delay with fake mx but its very small.

In my case i was bombed with connects and fake mx
reduced them about 10 percent , i think these are very old spam bot
variants who still agressing against my very old three letter domain.

I would say fake mx are nice to have , but its not a must have in
antispam these days,

I included    reject_unknown_reverse_client_hostname
in my postfix ,this,  it seems is very efficient , in my case,i noticed
to block spam mail in early client stage.
Also fail2ban does a good job with dictionary attacks,
for sure you should have all other recommended
antispam settings like reject_unknown_sender_domain etc
including greylisting, policy_weight, spf, dkim
in your mail server.

- --
Mit freundlichen Gruessen
Best Regards

Robert Schetterer

Germany/Bavaria/Munich
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFGwa/jfGH2AvR16oERAsbJAJ9iRo0H+YesZN1+fjMXu3iqpL1wFQCdHlUZ
82eAcB03SfJP4j7xuh9NbiU=
=mMcc
-----END PGP SIGNATURE-----

Re: fake MX records

[Kshatriya <ks...@gmail.com>]

On Tue, 14 Aug 2007, ram wrote:

> The page says the primary MX should not be accepting connections at all.
> Has anyone else tried this , will this cause delay in my mail

It almost doesn't work anymore. Better try adaptive greylisting, with some 
whitelists so you don't notice too much of delays.

K.