Marc Haber wrote:
> On Tue, 7 Oct 2008 10:41:45 +0300, "Mike Barnard"
> <[EMAIL PROTECTED]> wrote:
>> On Tue, Oct 7, 2008 at 6:46 AM, Exim List <[EMAIL PROTECTED]> wrote:
>>> We have a machine with several domains. The MX record for these domains
>>> is pointed to a spam filter appliance.
>>>
>>> Alas, spammers don't play fair. They choose to connect directly to the
>>> IP address(es) of the domains on the box and still send their spam that
>>> way.
>> you lost me there.... if the MX records are the spam filter
>> appliances... how did they get the IP addresses of the actual smtp
>> servers...
>
> Most probably, the spam filter appliances are new and the MX records
> used to point to the actual SMTP servers. Some Spamware comes with a
> list of IP addresses to deliver to and doesn't care about MX records
> to speed up delivery, so their database might be outdated, which is
> an advantage for the Spammer in the OP's case.

My experience is that some spammers look for mail.* and simply try to
connect directly to that. When you are dealing with a brand new startup,
you can plan around that. When you are dealing with legacy domains and
legacy customer bases, especially in acquisitions, you can't force a
bunch of changes, at least all at once.

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
