On Mon, 12 Sep 2005, Les Mikesell wrote:
On Mon, 2005-09-12 at 17:31, Kelson wrote:
I remember a year or two ago there was a fad in which admins would set
up a tertiary or higher MX pointing to 127.0.0.1 in order to hassle spam
software that used the highest MX instead of the lowest.
I don't know how many of these are still around, and I never thought it
was a good idea -- and you can definitely argue that it's a malicious
config!
The reason you publish multiple MX addresses in the first place is
that you know some won't always be reachable. What would you like
to happen when all but 127.0.0.1 is unreachable?
there was a longly discussion on this list about abusing "Backup-MX"
hosts, because they are most likely not protected the same has the primary
host; therefore it was suggested to publish 127.0.0.1 as the MX entry with
the highest number in assumtion:
a) It will never happen all that the higher priority (aka with lower
number) servers are gone away, and
b) that ratware uses the last-priority server to catch a Backup-Host, that
is not protected so well, but is now using localhost.
Well, the same effort in to detect "bad" MX hosts can be performed by
ratware, hence, this technique can last for short while only, perhaps the
usefullness is gone by now.
So I would agree with you that to publish localhost anywhere in the chain
is possibly not good.
BTW: I wouldn't wonder much, when some ratware (or spammer) usues
completely random addresses.
Bye,
--
Steffen Kaiser
_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
