fake mx records


Post by cbrace »

Hi,

I was browsing the SpamAssassin wiki, and came across this suggestion:
Other Trick For Blocking Spam

This section is for other tricks to block spam that may or may not directly relate to SpamAssassin.

Fake MX Records

Fake MX records can work like greylisting and often much faster. It doesn't require the installation of new software. What you do is add a fake highest and lowest MX record. Normal email will probably retry but spammers often don't. This is especially true of virus-infected Windows zombie spam. Here's an example MX configuration.

fake0.example.com 10
realmx.example.com 20
fake1.example.com 30

The fake records can either be undefined or can point to dead IP addresses or to real IP addresses with port 25 closed. On the lowest numbered MX be sure it's pointed to a closed port because if you just use a temporary error then Qmail, which is not RFC compatible, will never move up to the next MX record.
(http://wiki.apache.org/spamassassin/OtherTricks)

I was wondering whether anyone here has tried this and whether there are any risks involved.
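An added example, not part of the thread or the wiki page: one way to check a fake-MX layout for the risk the wiki itself names (a lowest-numbered fake MX that answers with a temporary error instead of a closed port). The hostnames are the wiki's examples; the `REAL` set, the finding names and the outcome labels are assumptions made for this sketch.

```python
import socket

# Constructed sample: the wiki's layout as (preference, host) pairs.
MX = [(10, "fake0.example.com"), (20, "realmx.example.com"), (30, "fake1.example.com")]
REAL = {"realmx.example.com"}  # assumption: the only host meant to take mail

def probe(host, port=25, timeout=5.0):
    """Live check: classify how `host` answers on the SMTP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            banner = conn.recv(512).decode("ascii", "replace")
    except socket.gaierror:
        return "unresolved"   # fake record left undefined
    except ConnectionRefusedError:
        return "refused"      # port 25 closed
    except OSError:
        return "timeout"      # dead IP, filtered port or silent listener
    if banner.startswith("220"):
        return "accepting"
    return "tempfail" if banner.startswith("4") else "other"

def audit(mx, real, outcomes):
    """Return (host, finding) pairs for a fake-MX layout.

    `outcomes` maps host -> probe() result, so the logic can be run on
    recorded results as well as live ones.
    """
    findings = []
    ordered = sorted(mx)
    lowest = ordered[0][1]
    for _, host in ordered:
        state = outcomes[host]
        if host in real and state != "accepting":
            findings.append((host, "real-mx-not-accepting"))
        if host not in real and state == "accepting":
            findings.append((host, "fake-mx-accepts-mail"))
    if lowest not in real:
        if outcomes[lowest] == "tempfail":
            # The case the wiki warns about: Qmail never moves to the next MX.
            findings.append((lowest, "lowest-mx-tempfail"))
        elif outcomes[lowest] not in ("refused", "accepting"):
            # The wiki asks for a closed port on the lowest-numbered MX.
            findings.append((lowest, "lowest-mx-not-closed-port"))
    return findings

def live_audit(mx=MX, real=REAL):
    """Probe every host, then audit (needs network access)."""
    return audit(mx, real, {host: probe(host) for _, host in mx})
```

`audit()` works on recorded outcomes, so it can be rerun after each DNS change; `live_audit()` performs the actual connections against your own MX hosts.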

Post by Black20VT »


Post by cbrace »

Thanks for the pointer.

I've added a fake lowest-priority MX; will see how that goes.

Post by Black20VT »

cbrace wrote: I've added a fake lowest-priority MX; will see how that goes.
Keep us posted, as I'm interested to know how this works out for you.

Thanks.

Post by cbrace »

Black20VT,

I haven't seen a dramatic change in SMTP traffic. Nor have I seen any issues with it, but I am not sure how I would know if there were any. In any case, as most of you are probably aware, the number one technique for handling spam these days is greylisting. I've been using OpenBSD spamd, which stops about 90% of the spam. Most of the remaining 10% is caught by SpamAssassin. Since a huge volume of my incoming spam is sent to non-existent accounts within my domains, I've added these to spamd as "greytrapping" addresses, which ties up the resources of the SMTP servers sending spam. For this reason, I haven't added a highest-priority fake MX record, since I welcome the opportunity to gum up the spammers' systems, at least for the average 10 minutes or so it takes them to try to complete a transaction with spamd. To run spamd in this way requires truly minimal resources on my part. 8)

All for now...