Author: W B Hacker Date: To: exim users Subject: Re: [exim] How to check to see if email went through gateway first
Always Learning wrote:
> Frank DeChellis wrote on Fri, 09 Apr 2010 23:52:06 -0400.
>
>
>> ......... The filter
>> works great, but lots of mail is still getting sent directly to our SMTP
>> server. I can say, with great certainty, that 100.1% of the email going
>> directly to our SMTP is spam.
>
> May I suggest you immediately change the IP address of your mail servers
> - primary and secondary? It is a quick DNS change and a quick
> configuration change to your (*nix?) operating system settings. You can
> decide whether to retain or change the original MX host names.
> Personally I would change the MX host names to reflect the (slightly)
> different IP addresses.
>
> Legitimate emails will use the new MX addresses and the spammers will
> continue to use the previously stored MX address, which becomes absolutely
> worthless to the mindless brain-dead morons.
>
>
> Paul
> England, EU.
>
Not quite.
The 'mindless brain-dead morons' do not necessarily look at either DNS or history.
No need.
Their countless legions of compromised WinBots have the resources to simply
probe all IPs in a block looking for a response on port 25.
I'd suspect there might be some programming to target 'more likely' IP blocks,
such as the pools from which colocation providers issue IPs to their basic data
center customers. But not much more intelligence than that.
Think about it - how were the 'bots compromised in the first place? And what DNS
were *they* in?
Easily observed with tcpdump, if not your firewall logs, BTW. Despite a
(hopefully) lower than Whale-feces chance of success, one can even find
parasites trying to get into port 587 within a short time of bringing a box up
on a 'new' IP.
To bend a trite phrase:
'never ascribe to intelligence what can be more simply explained by malice'
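As an added example (not code from this thread or from Exim), here is one way to turn the subject-line question and the "easily observed in your firewall logs" remark into a concrete check: parse iptables LOG lines for TCP SYNs to ports 25 and 587, separate the ones arriving from the filtering gateway from the ones arriving directly, and flag sources that hit several addresses in the block, which is what a port-25 sweep of the IP range looks like. The gateway address 198.51.100.10, the log prefix "SMTP-IN:" and the sample log lines are all constructed for the example.

```python
import re
from collections import defaultdict

# Assumed address of the filtering gateway that legitimate mail should come through.
GATEWAY_IPS = {"198.51.100.10"}
SMTP_PORTS = {25, 587}

# Constructed sample lines in the format of the iptables LOG target (not real traffic).
SAMPLE_LOG = """\
Apr 10 03:12:01 mx1 kernel: [12345.6] SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.25 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 03:12:05 mx1 kernel: [12349.0] SMTP-IN: IN=eth0 OUT= SRC=198.51.100.10 DST=198.51.100.25 LEN=60 PROTO=TCP SPT=40001 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 10 03:12:09 mx1 kernel: [12353.2] SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.26 LEN=60 PROTO=TCP SPT=51235 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 03:12:11 mx1 kernel: [12355.4] SMTP-IN: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.25 LEN=60 PROTO=TCP SPT=3333 DPT=587 WINDOW=8192 RES=0x00 SYN URGP=0
Apr 10 03:12:15 mx1 kernel: [12359.9] SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.25 LEN=52 PROTO=TCP SPT=51234 DPT=25 WINDOW=65535 RES=0x00 ACK URGP=0
Apr 10 03:12:20 mx1 kernel: [12364.1] SMTP-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.27 LEN=60 PROTO=TCP SPT=51236 DPT=25 WINDOW=65535 RES=0x00 SYN URGP=0
Apr 10 03:12:30 mx1 kernel: [12374.7] SMTP-IN: IN=eth0 OUT= SRC=198.51.100.10 DST=198.51.100.25 LEN=60 PROTO=TCP SPT=40002 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
"""

# Only the key=value fields we need are captured; MAC=, TOS=, etc. are ignored.
_FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")
# iptables prints each TCP flag as its own token, so a bare SYN token marks a new connection.
_SYN = re.compile(r"\bSYN\b")


def parse_line(line):
    """Return (src, dst, dport) for a TCP SYN log line, or None for anything else."""
    fields = dict(_FIELD.findall(line))
    if fields.get("PROTO") != "TCP" or not _SYN.search(line):
        return None
    if not all(k in fields for k in ("SRC", "DST", "DPT")):
        return None
    return fields["SRC"], fields["DST"], int(fields["DPT"])


def classify_smtp_syns(lines, gateway_ips=GATEWAY_IPS, ports=SMTP_PORTS):
    """Split inbound SMTP connection attempts into "via gateway" and "direct".

    Returns (gateway_syns, direct): gateway_syns counts SYNs from the trusted
    gateway; direct maps every other source IP to the number of SYNs it sent,
    the set of destination addresses it targeted and the set of ports it tried.
    """
    gateway_syns = 0
    direct = defaultdict(lambda: {"syns": 0, "dsts": set(), "ports": set()})
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        if dport not in ports:
            continue
        if src in gateway_ips:
            gateway_syns += 1
            continue
        entry = direct[src]
        entry["syns"] += 1
        entry["dsts"].add(dst)
        entry["ports"].add(dport)
    return gateway_syns, dict(direct)


def sweep_candidates(direct, min_distinct_dsts=2):
    """Sources that hit several addresses in the block are not looking up our MX;
    they are walking the IP range. Returned as (src, distinct targets), most first."""
    hits = [(src, len(e["dsts"])) for src, e in direct.items()
            if len(e["dsts"]) >= min_distinct_dsts]
    return sorted(hits, key=lambda t: (-t[1], t[0]))


if __name__ == "__main__":
    gw, direct = classify_smtp_syns(SAMPLE_LOG.splitlines())
    print(f"SYNs via gateway: {gw}")
    for src, e in sorted(direct.items()):
        print(f"direct {src}: {e['syns']} SYNs to {sorted(e['dsts'])} on ports {sorted(e['ports'])}")
    for src, n in sweep_candidates(direct):
        print(f"sweep candidate: {src} probed {n} addresses in the block")
```

The ACK line in the sample is deliberately ignored: counting every packet would inflate a single session into many "attempts", so only SYNs are counted. On a real box the same lines come from a rule such as `-p tcp --dport 25 --syn -j LOG --log-prefix "SMTP-IN: "` on the MX, and the gateway set should contain every address the filtering gateway sends from.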