Re: [exim] Filtering remote MX's by IP

Author: Robert Blayzor
Date:  
To: Wolfgang Breyha
CC: exim-users@exim.org
Subject: Re: [exim] Filtering remote MX's by IP
On Nov 26, 2012, at 7:11 PM, Wolfgang Breyha <wbreyha@???> wrote:
> Usually, if you're using ignore_target_hosts, verification of the domain
> fails since there is no valid MX host left for the domain in question and
> your exim will refuse the domain if used as envelope from.
>
> Mails in the queue most likely will bounce or doublebounce/freeze. Depends
> which returnpath the messages have. Removing them with -Mrm seems reasonable.
>
> Can you give some samples of MX entries pointing to bogus IPs other than
> 127.0.0.1 or ::1?



For example, we've seen spam come in from valid domains that have bogus MX host records configured. They have valid MX's, but the MX's are hostnames that resolve to bogus IP space. So if the spam messages happen to get through initial delivery, if there are any bounces that create an NDR for any reason, the queue will fill up with 100s of messages that are trying to be delivered to an MX published record that points to something like 10.106.1.10, for example. It's not a common occurrence, but we've seen it happen more than a few times.

--
Robert Blayzor
INOC, LLC
rblayzor@???
http://www.inoc.net/~rblayzor/
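
The behaviour discussed in this message, as an added example that is not part of the original post and is not Exim's code: the Python below models dropping MX target addresses that fall in an ignore list and flags domains left with no usable host, which is the case where verification of the domain fails. The network list, the function names and the DNS data are assumptions constructed for the example; only 10.106.1.10, 127.0.0.1 and ::1 come from the thread.

```python
import ipaddress

# Assumed ignore list for this example: loopback and RFC 1918 space,
# the kind of ranges one might list in ignore_target_hosts.
IGNORED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/32", "127.0.0.0/8", "10.0.0.0/8",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128",
)]


def is_ignored(addr):
    """True if addr falls inside any ignored network."""
    ip = ipaddress.ip_address(addr)
    # Membership is False when address and network versions differ.
    return any(ip in net for net in IGNORED_NETS)


def usable_hosts(mx_records, resolved):
    """Return (preference, host, address) tuples that survive filtering.

    mx_records: list of (preference, hostname)
    resolved:   dict hostname -> list of address strings (A/AAAA results)
    """
    kept = []
    for pref, host in sorted(mx_records):
        for addr in resolved.get(host, []):
            if not is_ignored(addr):
                kept.append((pref, host, addr))
    return kept


def audit(zones):
    """Map each domain to True when no usable MX host is left."""
    return {dom: not usable_hosts(mx, res) for dom, (mx, res) in zones.items()}


# Constructed sample data: a domain with valid MX records whose hostnames
# resolve only to bogus space, and one with a routable backup MX.
SAMPLE = {
    "spammy.example": (
        [(10, "mx1.spammy.example"), (20, "mx2.spammy.example")],
        {"mx1.spammy.example": ["10.106.1.10"],
         "mx2.spammy.example": ["127.0.0.1", "::1"]},
    ),
    "mixed.example": (
        [(10, "mx.mixed.example"), (20, "backup.mixed.example")],
        {"mx.mixed.example": ["192.168.4.2"],
         "backup.mixed.example": ["198.51.100.25"]},
    ),
}

if __name__ == "__main__":
    for domain, rejected in audit(SAMPLE).items():
        print(domain, "-> no usable MX" if rejected else "-> deliverable")
```

A domain reported as having no usable MX is one that would be refused as an envelope sender, so no bounce addressed to it would reach the queue in the first place.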