RE: Fake MX Record(s) Trick
mouss is french, you must know ;-) French mouse? ;-) http://disney.go.com/disneyvideos/animatedfilms/ratatouille/ No offense intended of course... it really was a cute movie... Time for vacations! - rh
Re: Fake MX Record(s) Trick
On Mon, 23 Jun 2008, Marc Perkel wrote: Marc Ferguson wrote: Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net http://digitalalias.net 14400 IN MX 0 digitalalias.net http://digitalalias.net What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? fake0.example.com http://fake0.example.com 10 realmx.example.com http://realmx.example.com 20 fake1.example.com http://fake1.example.com 30 Hi Marc, I'm the guy who invented the trick and yes it does work. I'm running it with No you aren't. more that 4000 domains and it gets rid of more than half my spam without having to use spamassassin. I use SA too but it's very expensive to run and anything that reduces it will cut your server load. I'm also providing a public server to harvest fake MX info to help build my blacklist. You can use this host for your fake high numbered MX. (Not a low numbered MX though) Que the spamvertising... mail.yourdomain.com 10 tarbaby.junkemailfilter.com 20 -- Happy cheese in fear | Jon Trulson against oppressor, rebel!| mailto:[EMAIL PROTECTED] Brocolli, hostage. -Unknown| #include std/disclaimer.h
Re: Fake MX Record(s) Trick
Robert - elists wrote: mouss is french, you must know ;-) French mouse? mousse means foam. Franciscaner weiss? ;-) http://disney.go.com/disneyvideos/animatedfilms/ratatouille/ No offense intended of course... it really was a cute movie... I loved it. Time for vacations! oh yeah. Barcelona, Estoy viniendo.
Re: Fake MX Record(s) Trick
On Dienstag, 24. Juni 2008 Benny Pedersen wrote: 14400 is 4 hours (4*3660) which is a bit low for an MX 86400 (24 hours) is probably better. nice calc for 4 hours :-) mouss is french, you must know ;-) mfg zmi -- // Michael Monnerie, Ing.BSc- http://it-management.at // Tel: 0660 / 415 65 31 .network.your.ideas. // PGP Key: curl -s http://zmi.at/zmi.asc | gpg --import // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4 // Keyserver: www.keyserver.net Key-ID: 1C1209B4 signature.asc Description: This is a digitally signed message part.
Re: Fake MX Record(s) Trick
Michael Monnerie wrote: On Dienstag, 24. Juni 2008 Benny Pedersen wrote: 14400 is 4 hours (4*3660) which is a bit low for an MX 86400 (24 hours) is probably better. nice calc for 4 hours :-) mouss is french, you must know ;-) yep. I have problems with anything but the metric system :-) (which doesn't mean I don't have problem with the metric system as well...).
Fake MX Record(s) Trick
Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam ( http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net 14400 IN MX 0 digitalalias.net What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? fake0.example.com 10 realmx.example.com 20 fake1.example.com 30 Marc F. ..Grace to you and peace from Him who is and who was and who is to come.. -Rev1:4
Re: Fake MX Record(s) Trick
On 20.06.08 10:38, Marc Ferguson wrote: I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam ( http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net 14400 IN MX 0 digitalalias.net What is 14400, I'm guessing a port of some kind. it's a TTL of the recotrd. ALL MX ex should have equal TTL, if others don't have any explicitly specified (BIND takes it from other info), don't specify this. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? The numbers is irelevant, only the order is. 0-1-2 will have the same effect as 10-20-30 or 10-95-100. -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Posli tento mail 100 svojim znamim - nech vidia aky si idiot Send this email to 100 your friends - let them see what an idiot you are
Re: Fake MX Record(s) Trick
On Fri, 2008-06-20 at 10:38 -0400, Marc Ferguson wrote: Hi, I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net 14400 IN MX 0 digitalalias.net What is 14400, The time-to-live. It tells the world how often (in seconds) they should check back to see if this record has changed. You are telling people to check once every 4 hours. I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? Lowest number wins, so to attempt this trick you would need to change your current MX to be some number larger than zero so that a fake MX could be inserted lower. But I'm not convinced that twiddling with fake MX records will reduce your spam level any. -- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com signature.asc Description: This is a digitally signed message part
Re: Fake MX Record(s) Trick
Marc Ferguson schrieb am 20.06.2008 16:38: I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. If you don't exactly know what you are doing, don't fiddle with your MX entries. Correctly set up, SpamAssassin is 99.9% accurate even without such special tweaks. With 99.9% I mean that for every 1000 spam I get, at most 1 is not detected. You might have not understood how SpamAssassin works: it simply marks spam as spam, but passes it through into your inbox like any other mail. It is an additional task for you to set up in your mail client or in your mail delivery agent to move marked spam away to some kind of junk folder. SpamAssassin marks found spam with the X-Spam-Flag: YES header. Tschau Alex
Re: Fake MX Record(s) Trick
On Mon, 23 Jun 2008, McDonald, Dan wrote: But I'm not convinced that twiddling with fake MX records will reduce your spam level any. Cue Mr. Perkel... :) -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ [EMAIL PROTECTED]FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- The problem is when people look at Yahoo, slashdot, or groklaw and jump from obvious and correct observations like Oh my God, this place is teeming with utter morons to incorrect conclusions like there's nothing of value here.-- Al Petrofsky, in Y! SCOX --- 11 days until the 232nd anniversary of the Declaration of Independence
Re: Fake MX Record(s) Trick
Marc Ferguson escribió: Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net http://digitalalias.net 14400 IN MX 0 digitalalias.net http://digitalalias.net What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? fake0.example.com http://fake0.example.com 10 realmx.example.com http://realmx.example.com 20 fake1.example.com http://fake1.example.com 30 Hey Marc. That is a variation or extension of a technique known as nolisting, which consists on making your primary MX record point to an IP which does not accept SMTP connections (i.e. a fake). In this case, the MX with the lowest priority is also a made a fake because spammers tend to target the lowest priority mail server directly (a spammer breaking the rules, imagine that!) to avoid the usually tighter security of the primary mail server. From http://nolisting.org/: Nolisting requires privileges that are only available to administrators. It is not configurable by end users. To configure Nolisting, an administrator must have the following: * the ability create MX records for the destination domain * a spare /public/ IP address, within the administrator's control, that has no listening service running on SMTP port 25 * cooperation of all staff with administrative control over related network resources * optionally, a packet filter on the IP address specified as the primary MX (recommended) In my opinion this trick sucks for many reasons, two mainly: First, legitimate mail senders lose time and sometimes lose mails (for example unpatched RFC-compliant qmail servers). Second, it's pointless, spammers are already adapting. All they have to do is try all mx records. So du'h. Besides, having fake mx records in your DNS makes *you* non RFC-compliant. ;) Regards /Diego
Re: Fake MX Record(s) Trick
Marc Ferguson wrote: Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net http://digitalalias.net 14400 IN MX 0 digitalalias.net http://digitalalias.net What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? fake0.example.com http://fake0.example.com 10 realmx.example.com http://realmx.example.com 20 fake1.example.com http://fake1.example.com 30 Hi Marc, I'm the guy who invented the trick and yes it does work. I'm running it with more that 4000 domains and it gets rid of more than half my spam without having to use spamassassin. I use SA too but it's very expensive to run and anything that reduces it will cut your server load. I'm also providing a public server to harvest fake MX info to help build my blacklist. You can use this host for your fake high numbered MX. (Not a low numbered MX though) mail.yourdomain.com 10 tarbaby.junkemailfilter.com 20
Re: Fake MX Record(s) Trick
Marc Perkel wrote: Marc Ferguson wrote: Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net http://digitalalias.net 14400 IN MX 0 digitalalias.net http://digitalalias.net What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. Why is this since my current mx record is set to 0? fake0.example.com http://fake0.example.com 10 realmx.example.com http://realmx.example.com 20 fake1.example.com http://fake1.example.com 30 Hi Marc, I'm the guy who invented the trick and yes it does work. ahuh? do you have references for this claimed invention? I'm running it with more that 4000 domains and it gets rid of more than half my spam without having to use spamassassin. I use SA too but it's very expensive to run and anything that reduces it will cut your server load. I'm also providing a public server to harvest fake MX info to help build my blacklist. You can use this host for your fake high numbered MX. (Not a low numbered MX though) mail.yourdomain.com 10 tarbaby.junkemailfilter.com 20
Re: Fake MX Record(s) Trick
Marc Ferguson wrote: Hi, I'm a linux noob and a spam assassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake mx records in order to weed out spam ( http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the spamassassin plugin so I'm constantly clicking the junk icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this: digitalalias.net 14400 IN MX 0 digitalalias.net What is 14400, I'm guessing a port of some kind. nice try :) it's an (optional) TTL. http://www.zytrax.com/books/dns/ 14400 is 4 hours (4*3660) which is a bit low for an MX 86400 (24 hours) is probably better. Besides that the wiki suggests that my first fake mx record should be set at 10, then my real mx record at 20, and then another fake one at 30. at this stage, I would recommend that you forget about MX tricks and focus on more straightforward measures. tune your SA first. only when you're happy and you've learnt enough about MXes should you try such road. Why is this since my current mx record is set to 0? only the order counts. (10, 20, 30) is the same as (100, 500, 900). fake0.example.com 10 realmx.example.com 20 fake1.example.com 30 Marc F. ..Grace to you and peace from Him who is and who was and who is to come.. Peace to this world... (once wev'e exterminated spammers ;-p) -Rev1:4
Re: Fake MX Record(s) Trick
On Mon, June 23, 2008 21:27, mouss wrote: 14400 is 4 hours (4*3660) which is a bit low for an MX 86400 (24 hours) is probably better. nice calc for 4 hours :-) Benny Pedersen Need more webspace ? http://www.servage.net/?coupon=cust37098