[Mimedefang] Many many MX records
WBrown at e1b.org
Tue Jan 13 16:52:39 EST 2004
Today I saw an email flood that was sending to our mail filter and
directly to the mail server. Both have MX records for the domain, with
the filter just having a lower preference value. The traffic was coming
from a number of cable modem sites. MD was successfully tempfailing it
and it never seemed to retry. The flood almost looked like they were just
picking an MX record without regard for preference. Adding a firewall
rule to block access directly to the mail server stopped the flood going
to it. I did not get a report from the firewall guy on how much it was
getting triggered.
This led me to wonder what would happen if I registered a bunch of high
valued MX records, i.e.:
Domain.com IN MX 10 mailfilter.domain.com
Domain.com IN MX 100 bogusaddress.domain.com
Domain.com IN MX 100 bogusaddress.domain.com
Domain.com IN MX 101 bogusaddress.domain.com
Domain.com IN MX 102 bogusaddress.domain.com
Domain.com IN MX 103 bogusaddress.domain.com
Domain.com IN MX 104 bogusaddress.domain.com
.
.
.
Domain.com IN MX 196 bogusaddress.domain.com
Domain.com IN MX 197 bogusaddress.domain.com
Domain.com IN MX 198 bogusaddress.domain.com
Domain.com IN MX 199 bogusaddress.domain.com
Domain.com IN MX 200 bogusaddress.domain.com
bogusaddress.domain.com IN A 127.0.0.1 ; or some other totally bogus address
Legitimate mail servers would clearly try for the low valued MX record.
Would this fool some of the ratware? Would I get only a small fraction of
the junk going to my servers?
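
Added example, not part of the original post: a way to measure from connection logs which SMTP clients ignore MX preference, the behaviour the flood above appeared to show. RFC 5321 section 5.1 requires senders to sort MX records by preference and try lower values first. The mail server's host name, its preference value of 20, the log tuple layout and all sample connections are constructed assumptions.

```python
from collections import defaultdict

# MX set modelled on the post. The mail server's host name and its
# preference value (20) are assumptions; the post gives neither.
ZONE = """\
Domain.com IN MX 10 mailfilter.domain.com
Domain.com IN MX 20 mailserver.domain.com
"""

# Constructed sample connections: (unix_time, source_ip, mx_host_contacted).
CONNECTIONS = [
    (1000, "192.0.2.10", "mailfilter.domain.com"),   # tries primary first
    (1030, "192.0.2.10", "mailserver.domain.com"),   # then falls back
    (1005, "198.51.100.7", "mailserver.domain.com"), # straight to backup
    (1010, "198.51.100.7", "mailfilter.domain.com"),
    (1020, "198.51.100.7", "mailserver.domain.com"),
    (1015, "203.0.113.5", "mailserver.domain.com"),  # never tries primary
    (2000, "203.0.113.5", "mailserver.domain.com"),
]

def parse_mx(zone_text):
    """Return {mx_host: preference} from 'name IN MX pref host' lines."""
    mx = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 5 and fields[1:3] == ["IN", "MX"]:
            mx[fields[4].rstrip(".").lower()] = int(fields[3])
    return mx

def preference_skippers(mx, connections, window=600):
    """Count, per source IP, connections to an MX made without an attempt
    at every more-preferred MX in the preceding `window` seconds."""
    last_seen = defaultdict(dict)          # ip -> {mx_host: last time seen}
    flagged = defaultdict(int)
    for ts, ip, host in sorted(connections):
        host = host.lower()
        if host not in mx:
            continue
        better = [h for h, pref in mx.items() if pref < mx[host]]
        if any(ts - last_seen[ip].get(h, float("-inf")) > window for h in better):
            flagged[ip] += 1
        last_seen[ip][host] = ts
    return dict(flagged)

if __name__ == "__main__":
    for ip, n in preference_skippers(parse_mx(ZONE), CONNECTIONS).items():
        print(f"{ip}: {n} connection(s) skipped a more-preferred MX")
```

Senders that spread one delivery across several outbound IPs will show up as false positives, so treat the count as a signal rather than proof.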