On 2012-11-27 01:28, Robert Blayzor wrote:
> For example, we've seen spam come in from valid domains, but have bogus
> MX host records configured. They have valid MX's, but the MX's are
> hostnames that resolve to bogus IP space. So if the spam messages
> happen to get through initial delivery, if there are any bounces that
> create an NDR for any reason the queue will fill up with 100 of messages
> are are trying to be delivered to an MX published record that points to
> something like 10.106.1.10 for example. It's not a common occurrence,
> but we've seen it happen more than a few times.
Technically I already knew what you mean;-) But usually they resolve to
127.0.0.1 or ::1. That's why the exim default config already blacklists
them. I was interested in the domain names themselves resolving to other
bogus IPs. Do you have some?
Greetings, Wolfgang
--
Wolfgang Breyha <wbreyha@???> |
http://www.blafasel.at/
Vienna University Computer Center | Austria