[Dshield] DNS MX and SPAM again

Lauro, John jlauro at umflint.edu
Tue Sep 16 03:12:29 GMT 2003


You did not mention what your domain is, so I was not able to verify
that DNS is correct.  You said they were recently "regerated".  If
they were regenerated with lower serial numbers (such as from a 4
digit year to a 2 digit year), it is possible there is old data out
there, causing other servers to refuse to take the new info.

There are some mail programs that are too stupid to understand MX
records, and only deliver to A records (or try A first, and then fall
back to a smart mailer).  However, that is far less common today then
10 years ago, and these days it is more likely spam then broken
MTAs...


> -----Original Message-----
> From: Robert Dodd [mailto:bobdodd at sheperd.com]
> Sent: Monday, September 15, 2003 10:21 PM
> To: 'General DShield Discussion List'
> Subject: [Dshield] DNS MX and SPAM again
> 
> Please consider the following. The domain that I manage has two
properly
> configured MX records which are routed through our firewall to an
anti-
> spam
> appliance. Here's the problem, our firewall is rejecting attempts to
> connect
> on port 25 of our domain's A record at the rate of ten per second.
Do some
> mail servers try the "A" record even when "MX" records are
available? Or
> is
> this another symptom of spam gone wild?
> 
> Our DNS records are hosted by our "major" ISP (not this one, I'm at
home).
> We have recently changed ISPs and completely regenerated our DNS
records.
> 
> To restate the problem in extreme shorthand:
> A .100
> MX .104 preference 10
> MX .103 preference 20
> 
> Why are connections attempted on port 25 of .100 ?
> 
> 
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list