Re: [exim] Am I an open relay or aren't I?

Author: Alun
Date:  
To: Exim users list
Subject: Re: [exim] Am I an open relay or aren't I?

"Alan J. Flavell" <a.flavell@???> said, in message
Pine.LNX.4.64.0605121042260.28217@???:

> > I've been meaning to do something like this for a while. The
> > corollary would be, after moving the IP, to firewall the old IP and
> > watch the firewall logs.
>
> OK, I wasn't sure if my throwaway remark above would raise any
> interest, but, as it has (thanks for reporting the results of your
> experiment!), maybe I could add just a bit of detail.


It's interesting just how crazy some of this spamware is! I wonder what
percentage of the world's MX records (when resolved down to the IP address
level) have stayed the same over the course of 2.5 years (which is the highest
figure I can prove from my logs).

I've spotted one possible problem with this approach here. Someone who
controls the DNS for a domain could register an MX record pointing to
a machine on our network. If they then mail an address at that domain
from e.g. hotmail, hotmail will attempt to connect to it and the firewall
will log it, leading to the blacklisting of one of hotmail's outbound
servers. I've discovered this because someone appears to have done just
that (well, they've hit messagelabs, but still...)!

Cheers,
Alun.

p.s. 2007 hosts and counting.

-- 
Alun Jones                       auj@???
Systems Support,                 (01970) 62 2494
Information Services,
University of Wales, Aberystwyth
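
An added example, not part of the original message or of Exim: one way to process firewall hits on a retired MX address so that the false-positive case described above (a third party's MX record steering a legitimate provider's outbound server at the trap) goes to manual review instead of straight onto the blacklist. The log format, addresses, exempt range and threshold are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Everything below is constructed for illustration: documentation-range
# addresses, an iptables-style log format, the exempt range and the threshold.
TRAP_IP = "192.0.2.25"  # hypothetical retired MX address, now firewalled
EXEMPT_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # hypothetical provider relays
MIN_HITS = 2  # assumed threshold; one connection alone is weak evidence

SAMPLE_LOG = """\
May 12 10:01:02 fw kernel: TRAP IN=eth0 SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP SPT=40112 DPT=25
May 12 10:04:40 fw kernel: TRAP IN=eth0 SRC=203.0.113.7 DST=192.0.2.25 PROTO=TCP SPT=40190 DPT=25
May 12 10:05:11 fw kernel: TRAP IN=eth0 SRC=198.51.100.14 DST=192.0.2.25 PROTO=TCP SPT=51000 DPT=25
May 12 10:05:41 fw kernel: TRAP IN=eth0 SRC=198.51.100.14 DST=192.0.2.25 PROTO=TCP SPT=51002 DPT=25
May 12 10:06:11 fw kernel: TRAP IN=eth0 SRC=198.51.100.14 DST=192.0.2.25 PROTO=TCP SPT=51004 DPT=25
May 12 10:09:00 fw kernel: TRAP IN=eth0 SRC=203.0.113.99 DST=192.0.2.25 PROTO=TCP SPT=33010 DPT=25
May 12 10:10:00 fw kernel: TRAP IN=eth0 SRC=203.0.113.50 DST=192.0.2.25 PROTO=TCP SPT=44100 DPT=80
May 12 10:10:05 fw kernel: TRAP IN=eth0 SRC=203.0.113.50 DST=192.0.2.25 PROTO=TCP SPT=44102 DPT=80
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP SPT=\d+ DPT=(\d+)")


def classify(log_text):
    """Return (blacklist, review): sources to list and sources needing a human look."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, dport = m.groups()
        if dst != TRAP_IP or dport != "25":
            continue  # only SMTP attempts against the retired MX count
        try:
            ipaddress.ip_address(src)
        except ValueError:
            continue  # malformed source field, ignore the line
        hits[src] += 1

    blacklist, review = [], []
    for src, count in sorted(hits.items()):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in EXEMPT_NETS):
            review.append(src)  # likely lured here by someone else's MX record
        elif count >= MIN_HITS:
            blacklist.append(src)
    return blacklist, review
```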