Marc Ferguson wrote:
Hi,

I'm a Linux noob and a SpamAssassin noob so please reply in simplified language. Thanks. I saw on the wiki a trick to use fake MX records in order to weed out spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at home and on my laptop and I have the SpamAssassin plugin so I'm constantly clicking the "junk" icon. I have access to my shared web hosting account and I sure do get TONS of spam. I'm a bit confused as to how to implement it though. My web host uses WHM so my form looks something like this:

digitalalias.net 14400 IN MX 0 digitalalias.net

What is 14400, I'm guessing a port of some kind. Besides that the wiki suggests that my first fake MX record should be set at 10, then my real MX record at 20, and then another fake one at 30. Why is this since my current MX record is set to 0?

fake0.example.com 10
realmx.example.com 20
fake1.example.com 30

Hey Marc.
That is a variation or extension of a technique known as "nolisting", which consists of making your primary MX record point to an IP which does not accept SMTP connections (i.e. a fake). In this case, the MX with the lowest priority is also made a fake because spammers tend to target the lowest priority mail server directly (a spammer breaking the rules, imagine that!) to avoid the usually tighter security of the primary mail server.


From http://nolisting.org/:
Nolisting requires privileges that are only available to administrators. It is not configurable by end users. To configure Nolisting, an administrator must have the following:

   * the ability to create MX records for the destination domain
   * a spare /public/ IP address, within the administrator's control,
     that has no listening service running on SMTP port 25
   * cooperation of all staff with administrative control over related
     network resources
   * optionally, a packet filter on the IP address specified as the
     primary MX (recommended)


In my opinion this "trick" sucks for many reasons, two mainly: First, legitimate mail senders lose time and sometimes lose mails (for example unpatched RFC-compliant qmail servers). Second, it's pointless, spammers are already adapting. All they have to do is try all MX records. So duh.

Besides, having fake MX records in your DNS makes *you* non-RFC-compliant. ;)

Regards
/Diego
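
Added example (not part of either message in this thread): a small offline Python model of the fake0/realmx/fake1 layout quoted above, showing which sending behaviours reach the real MX and which do not. The example.com zone lines, the set of listening hosts and the strategy names are constructed for illustration.

```python
import re

# Constructed zone lines in the same form as the WHM record quoted in the thread:
# name, TTL in seconds, class, type, MX preference, target host.
ZONE = """\
example.com. 14400 IN MX 10 fake0.example.com.
example.com. 14400 IN MX 20 realmx.example.com.
example.com. 14400 IN MX 30 fake1.example.com.
"""

# Assumption: only the real MX has a service listening on TCP port 25.
LISTENING = {"realmx.example.com."}

MX_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+MX\s+(\d+)\s+(\S+)$")


def parse_mx(zone_text):
    """Return [(preference, target, ttl)] sorted so the lowest number comes first."""
    records = []
    for line in zone_text.splitlines():
        m = MX_RE.match(line.strip())
        if m:
            records.append((int(m.group(3)), m.group(4), int(m.group(2))))
    return sorted(records)


def deliver(records, strategy):
    """Return (hosts tried, host that accepted or None) for one sending strategy."""
    if strategy == "in_order":      # walks every MX by preference until one answers
        order = [target for _, target, _ in records]
    elif strategy == "first_only":  # tries the most preferred MX and gives up
        order = [records[0][1]]
    elif strategy == "last_only":   # goes straight to the least preferred MX
        order = [records[-1][1]]
    else:
        raise ValueError(strategy)
    tried = []
    for host in order:
        tried.append(host)
        if host in LISTENING:
            return tried, host
    return tried, None


if __name__ == "__main__":
    mx = parse_mx(ZONE)
    for name in ("in_order", "first_only", "last_only"):
        print(name, deliver(mx, name))
```

Any sender that walks the whole list, legitimate or not, reaches realmx after one failed connection, which is both the delay and the bypass described in the reply above.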



