On Mon, 20 Dec 2004, Chris Thompson wrote:
| One thing about that domain name is that it has A records refering to
| the hosts that used to accept mail directly, as well as the MX record
| that now points only to the central switch. I have often wondered whether
| there are spam engines that try A records before (or instead of) MX
| ones, in the same way that they try higher-numbered MX records before
| (or instead of) lower-numbered ones.
Almost certainly.
ISTR some of the viruses did this. Probably just randomly tried all the A
and MX records they could find for a domain.
Which goes to show the non-MX hosts need to be firewalled for port 25, or
have some means of blocking such attempts, such as an Exim ACL.
--
Chris Edwards, Glasgow University Computing Service