[Apologies for missing References headers; I've just subscribed and I'm replying to a message seen on the web archive]
Another interesting data point: I've been large numbers of HELOs from netzero.com, but with a twist. We are seeing them to one particular domain which has long been the subject of brute-force spamming (ie lots of attempts to mail non-existent local parts) but we are seeing these not only on the two listed MXes for the domain, but also on the machine that *used* to be the MX for the domain (the MX record's target changed IP address months ago). I can't believe that this is broken DNS caching but rather am guessing that the zombied hosts sending these mails out have something hardcoded for some bizzare reason. There's absolutely nothing in the DNS for this domain that would suggest trying this host, MX, A, or otherwise. Or is there another explanation that anyone can think of? Cheers, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
