>...
>
>On Wednesday, May 25, 2005, 4:13:45 PM, lists lists wrote:
>>>On Tuesday, May 24, 2005, 6:56:08 AM, Ronan McGlue wrote:
>>>> I added a dummy mx record (lowest preference) as we all know it's
>>>> generally the one the spammers target first, which is getting hit with
>>>> about 50% of our daily connections, of which I defer all of them at a
>>>> very low overhead.
>>>
>>>Some of the spammers will eventually notice that your bogus MXer
>>>is not responding and fall back to trying the other MXers.
>
>> Jeff,
>
>> Why would they notice? In my mind, the mailserver would accept the
>> connections and emails, only to silently defer them. And by defer, I
>> mean delete them without any rejection or reply.

You have to be careful about this; do you mean "accept" the TCP
connection or "accept" the SMTP transaction?

>
>It's probably true that a fake proxy that does a better job of
>pretending to be a real MXer may take longer for the bad guys
>to discover.

This works and is legal for anyone with more than one IP. But make
sure you do use an IP that "belongs" to you, not an RFC1918 or otherwise
reserved address, and certainly not a valid address, used or unused, that
could be allocated to someone else. You could also just hook up the
"spamd" program from the OpenBSD "pf" suite to permanently tarpit and
450 everything. But greylisting is probably at least as effective.

>
>However my original reply was referring to an MX record that did
>not connect to a server of any kind, fake or real. That
>arrangement some spammers seem to detect eventually.

I see in my logs, far too many do walk the full 'MX' list, whether
they get 4xx codes or 5xx codes back (but yes, many seem to always walk
"backward").

>
>Jeff C.
>--
>Jeff Chan
>mailto:[EMAIL PROTECTED]
>http://www.surbl.org/
>
>

Paul Shupak
[EMAIL PROTECTED]
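
The address caveat raised in the reply above (a decoy MX must point at an IP that is yours, not RFC1918, reserved, or someone else's space), written as a pre-publication check. This is an added example, not part of the original thread; the host names, owned prefix and addresses are constructed, with documentation ranges standing in for real allocations, and it handles IPv4 only.

```python
import ipaddress

# RFC 1918 private space and other blocks that are never yours to publish.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RESERVED = [ipaddress.ip_network(n) for n in
            ("0.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
             "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Constructed sample data: documentation ranges stand in for real allocations.
OWNED_PREFIXES = ["198.51.100.0/24"]            # assumption: space assigned to you
MX_RECORDS = [                                  # (preference, host, IPv4 address)
    (10, "mx1.example.org", "198.51.100.10"),   # real mail server
    (20, "mx2.example.org", "198.51.100.11"),   # decoy on an address you hold
    (90, "trap.example.org", "10.0.0.25"),      # decoy on RFC 1918 space
    (95, "trap2.example.org", "203.0.113.7"),   # decoy on space you do not hold
    (99, "trap3.example.org", "240.0.0.1"),     # decoy on a reserved block
]


def classify(address, owned):
    """Return 'ok' or the reason this MX target address is unsafe to publish."""
    ip = ipaddress.ip_address(address)
    if any(ip in net for net in RFC1918):
        return "rfc1918"
    if any(ip in net for net in RESERVED):
        return "reserved"
    if not any(ip in net for net in owned):
        return "not-owned"      # may be, or may become, another party's host
    return "ok"


def audit_mx(records, owned_prefixes):
    """List every MX record whose target fails the ownership check."""
    owned = [ipaddress.ip_network(p) for p in owned_prefixes]
    findings = []
    for pref, host, addr in sorted(records):
        verdict = classify(addr, owned)
        if verdict != "ok":
            findings.append((pref, host, addr, verdict))
    return findings


if __name__ == "__main__":
    for pref, host, addr, verdict in audit_mx(MX_RECORDS, OWNED_PREFIXES):
        print(f"MX {pref:>3} {host} -> {addr}: {verdict}")
```
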