Re: [exim] Spam engine note

Top Page
Delete this message
Reply to this message
Author: Chris Edwards
Date:  
To: exim-users
Subject: Re: [exim] Spam engine note
On Mon, 20 Dec 2004, Chris Thompson wrote:

| One thing about that domain name is that it has A records refering to
| the hosts that used to accept mail directly, as well as the MX record
| that now points only to the central switch. I have often wondered whether
| there are spam engines that try A records before (or instead of) MX
| ones, in the same way that they try higher-numbered MX records before
| (or instead of) lower-numbered ones.


Almost certainly.

ISTR some of the viruses did this. Probably just randomly tried all the A
and MX records they could find for a domain.

Which goes to show the non-MX hosts need to be firewalled for port 25, or
have some means of blocking such attempts, such as an Exim ACL.

--
Chris Edwards, Glasgow University Computing Service