[Dshield] Odd sendmail log entries

Bob Poortinga bobp+dshield at webster.tsc.com
Fri May 6 14:37:49 GMT 2005


"David McGaughey" <mcgoy at plumbearcat.com> writes:
 
> I was checking my sendmail logs when I noticed a bunch of "loops back to me"
> errors.  Sure enough, a dig on one of the offending domains sending the
> e-mails resolves to 127.0.0.1.  At almost exactly the same time there was
> another domain with errors in my logs that digs to 0.0.0.0.  Is it just a
> misconfiguration or is there some sendmail rewrite rule exploit being
> tested?  Any information or experiences on this appreciated.

My experience is that spammers are registering domains to use when
sending spam that have MX records that look like this:

spamdomain.com  MX 10 localhost

-- 
Bob Poortinga  K9SQL
Bloomington, Indiana  US
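
Added example, not part of the original post: a sketch of a check a mail administrator could run on sender domains to flag the pattern described above, where every MX target resolves to a loopback (127.0.0.0/8) or unspecified (0.0.0.0) address. The domain names, the DNS tables and the function names are constructed for illustration; a real check would query a resolver instead of these dictionaries.

```python
import ipaddress

# Constructed sample DNS data (assumption, not from the post):
# domain -> list of (preference, MX host), and host -> A records.
MX = {
    "spamdomain.example": [(10, "localhost")],
    "zero.example": [(10, "mail.zero.example")],
    "good.example": [(10, "mx1.good.example"), (20, "mx2.good.example")],
    "mixed.example": [(10, "mx.mixed.example"), (20, "localhost")],
}
A = {
    "localhost": ["127.0.0.1"],
    "mail.zero.example": ["0.0.0.0"],
    "mx1.good.example": ["192.0.2.10"],
    "mx2.good.example": ["192.0.2.11"],
    "mx.mixed.example": ["198.51.100.5"],
}

def is_bogus_address(addr):
    """True for addresses that can never be a remote mail exchanger."""
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified

def bogus_mx_hosts(domain, mx=MX, a=A):
    """Return MX hosts of `domain` whose addresses are all loopback/unspecified."""
    bad = []
    for _pref, host in sorted(mx.get(domain, [])):
        name = host.rstrip(".").lower()
        addrs = a.get(name, [])
        if addrs and all(is_bogus_address(x) for x in addrs):
            bad.append(name)
    return bad

def classify_sender_domain(domain, mx=MX, a=A):
    """'bogus' = every MX points back at the local host, 'partial' = some do."""
    records = mx.get(domain, [])
    if not records:
        return "no-mx"
    bad = bogus_mx_hosts(domain, mx, a)
    if len(bad) == len(records):
        return "bogus"
    return "partial" if bad else "ok"

if __name__ == "__main__":
    for d in MX:
        print(d, classify_sender_domain(d), bogus_mx_hosts(d))
```

A domain classified as "bogus" is one where a bounce or reply would be handed back to the receiving server itself, which is what produces the "loops back to me" log entries.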


