[Dshield] Odd sendmail log entries
bobp+dshield at webster.tsc.com
Fri May 6 14:37:49 GMT 2005
"David McGaughey" <mcgoy at plumbearcat.com> writes:
> I was checking my sendmail logs when I noticed a bunch of "loops back to me"
> errors. Sure enough, a dig on one of the offending domains sending the
> e-mails resolves to 127.0.0.1. At almost exactly the same time there was
> another domain with errors in my logs that digs to 0.0.0.0. Is it just a
> misconfiguration or is there some sendmail rewrite rule exploit being
> tested? Any information or experiences on this appreciated.
My experience is that spammers are registering domains to use when
sending spam that have MX records that look like this:
spamdomain.com MX 10 localhost
Bob Poortinga K9SQL
Bloomington, Indiana US
More information about the list