On 28/1-2004, at 9.43, Derrick T. Woolworth wrote:
Thomas,
If I understand what you're saying, you want to prevent spammers from circumventing your filtering server, correct?
bingo!
And how exactly do the spammers go about âcircumventing your filtering serverâ?
I find it rather unlikely that spammers are telepathically guessing the IP address of your real mail server, when it does NOT appear in any published MX record.
I can only think of three plausible scenarios.
1) You are running www.elements.dk or elements.dk (if that's the domain you're talking about) on the same IP address of your real mail server. That is, your MX records list a different host, which forwards mail to your mail server, with your real mail server being the www.elements.dk box. In this case, the spammers ignore the MX records and try the A record for your domain.
2) Your real mail server has an easily-predictable name, such as mail.elements.dk, while your MX records indicate something else, and the spammers guessed what the likely name of your real mail server is.
I do not find it plausible that your real mail server is located on an IP address that is not listed anywhere, and somehow the spammers magically know what it is. This makes no sense whatsoever. If you think this is happening, you should think again. Something else is going on, which you will need to investigate what it is.
3) I may accept the most strenuous scenario where you are representing a well known, large domain, on the league of aol.com, that the spammers might've port-scanned your entire IP addresses and identified your real, unprotected mail server. Against, this is a very, very big stretch of imagination.
pgp00000.pgp
Description: PGP signature
