[SLUG] Poking around for SPAM origins

Mon, 22 Nov 2004 03:17:52 -0800 

I was just going to send this to the committee but damn-it, it's a 
technical query, related to DNS & Spam protection - just happens to 
involve SLUG emails. May interest others.

I've noticed an awful lot of SPAM++ we get goes through various bur.st 
mailservers. Took me a while to realise slug uses these as backup MX 
servers.
;; ANSWER SECTION:
slug.org.au.            37805   IN      MX      10 slug.org.au.
slug.org.au.            37805   IN      MX      20 mail3.bur.st.
slug.org.au.            37805   IN      MX      20 mail4.bur.st.
slug.org.au.            37805   IN      MX      20 mail5.bur.st.
slug.org.au.            37805   IN      MX      30 maddog.slug.org.au.

According to http://bur.st these are supposed to flag SPAM for us - but 
maybe it doesen't work for backup MX's?? Actually on further reading 
here:-
http://bur.st/support.html#Spam_filtering
It says they filter stuff at mail1.bur.st but don't mention the others.

In our experience at EverythingLinux you've gotta sort the SPAM out at
each of the MX servers.  I think the other bur.st MX's are the weak links
(particularly mail5.bur.st aka squeak.bur.st), plus since maddog's up all
the time mail never filters down to mail1.bur.st and maddog's more prone
to accepting SPAM from the backup MX hosts.

I suggest we reduce the MX records such that it's like this:-
slug.org.au.            37805   IN      MX      10 slug.org.au.
slug.org.au.            37805   IN      MX      20 mail1.bur.st.
slug.org.au.            37805   IN      MX      30 maddog.slug.org.au.
and see how that affects the spam situation. Duh.. then again mx 10 and 30 
are in fact the same host IP so that narrows it down to 2, the first 2 
above.


++ Examples are the recent rounds of Rolex adverts, Bank frauds and sex 
toys - mostly the stuff with utf-8 subjects too. Maybe the utf-8 is as 
hard to read by spam protection as it is for me using pine :-)

 -- 
---<GRiP>---
Electronic Hobbyist, Former Arcadia BBS nut, Occasional nudist, 
Linux Guru, SLUG Secretary, AUUG and Linux Australia member, Sydney 
Flashmobber, Tenpin Bowler, BMX rider, Walker, Raver & rave music 
lover, Big kid that refuses to grow up. I'd make a good family pet, 
take me home today!
        Some people actually read these things it seems.


-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Reply via email to