I was looking at the output from logdigest on my egress mail server 
(smtp.ci.juneau.ak.us) and came across these:

System Error Messages:
     aboutres.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     flylib.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     agesub.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     midpoint.agesub.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     despoina.flylib.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     lectisternium.aboutres.net. config error: mail loops back to me (MX problem?): 1 Time(s)

And sure enough, the sleazy spammers are putting a loopback address in their 
DNS for the domain, 
        mkm@mxg:/etc/mail> host lectisternium.aboutres.net
        lectisternium.aboutres.net has address 127.0.0.1 

Is anyone else seeing these?  What's the best way to block a server for which 
DNS returns a loopback address?  I'd think at the MTA, but a rule might be 
effective too. 
        
Interestingly, the headers (with minor munging on the recipient name) on my 
inbound server show an actual IP address:
Return-Path: <g>
Received: from lectisternium.aboutres.net (lectisternium.aboutres.net 
[138.128.10.69])
     by mxg.ci.juneau.ak.us (8.13.6/8.13.6/SuSE Linux 0.8) with ESMTP id 
s7FHufc5018797
     for <my_user@ci.juneau.**.us>; Fri, 15 Aug 2014 09:56:51 -0800
Content-Type: text/html; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Hot Summer Rewards - Costco Connection
Date: Fri, 15 Aug 2014 10:56:41 -0700
From: Member Rewards <co...@lectisternium.aboutres.net>
Message-ID: <4357.server-1325d972c7b4c47020930095928b359f7...@aboutres.net>
To: < my_user@ci.juneau.**.us>
Reply-to: <co...@aboutres.net>
X-SPF-Scan-By: smf-spf v2.0.2 - http://smfs.sf.net/
Received-SPF: Pass (mxg.ci.juneau.ak.us: domain of 
colinshel...@lectisternium.aboutres.net
     designates 138.128.10.69 as permitted sender)
     receiver=mxg.ci.juneau.ak.us; client-ip=138.128.10.69;
     envelope-from=<colinshel...@lectisternium.aboutres.net>; 
helo=lectisternium.aboutres.net;

I'm wondering if they didn't have valid forward and PTR records for the 
duration of the spam run, then changed it. Obviously they would need a valid IP 
for a TCP/IP session and when doing the Forward Confirmed reverse DNS.  But 
maybe 127.0.0.1 works for the FCrDNS - is that configurable?

...Kevin
*(Just to be clear, the messages that were sitting in the outbound queue were 
out of office messages, not bounced spam).  
--
Kevin Miller
Network/email Administrator, CBJ MIS Dept.
155 South Seward Street
Juneau, Alaska 99801
Phone: (907) 586-0242, Fax: (907) 586-4500
Registered Linux User No: 307357 
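One way to automate the check asked about above (hosts whose DNS answers with a loopback or otherwise unroutable address), as an added example that is not part of the original post: parse the logdigest "mail loops back to me" lines, resolve each host, and report the ones that can never be a legitimate remote MX. The logdigest sample is constructed from the lines quoted in the post, and the function names and the pluggable `resolve` parameter are my own.

```python
import ipaddress
import re
import socket

# Constructed sample in the logdigest "System Error Messages" format (not live output).
SAMPLE_LOGDIGEST = """\
     aboutres.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     despoina.flylib.net. config error: mail loops back to me (MX problem?): 1 Time(s)
     lectisternium.aboutres.net. config error: mail loops back to me (MX problem?): 1 Time(s)
"""

# Host is the first token; the trailing dot sendmail prints is dropped.
LOOP_RE = re.compile(r"^\s*(?P<host>[\w.-]+?)\.?\s+config error: mail loops back to me")


def hosts_from_logdigest(text):
    """Return, in order, the hostnames sendmail reported as looping back to us."""
    return [m.group("host") for m in map(LOOP_RE.match, text.splitlines()) if m]


def is_unroutable(addr):
    """True when addr can never reach a remote MX: loopback, RFC 1918, link-local,
    unspecified, multicast or reserved space."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)


def dns_addresses(host):
    """Live resolver: every A/AAAA address for host, [] when it does not resolve."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def classify_hosts(hosts, resolve=dns_addresses):
    """Map each host to the unroutable addresses it resolves to ([] means it looks sane).
    `resolve` is injectable so the logic can be checked without network access."""
    return {h: [a for a in resolve(h) if is_unroutable(a)] for h in hosts}


def hosts_to_flag(text, resolve=dns_addresses):
    """Hosts from a logdigest report that resolve to at least one unroutable address."""
    return sorted(h for h, bad in classify_hosts(hosts_from_logdigest(text), resolve).items() if bad)


if __name__ == "__main__":
    for host, bad in classify_hosts(hosts_from_logdigest(SAMPLE_LOGDIGEST)).items():
        print(host, "UNROUTABLE" if bad else "ok", bad)
```

Feed the flagged list into whatever the MTA's connection-level access control is; the script itself only classifies.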
