[Mimedefang] MX -> 127.0.0.1
Steffen Kaiser
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Sep 13 07:29:40 EDT 2005
On Mon, 12 Sep 2005, Les Mikesell wrote:
> On Mon, 2005-09-12 at 17:31, Kelson wrote:
>
>> I remember a year or two ago there was a fad in which admins would set
>> up a tertiary or higher MX pointing to 127.0.0.1 in order to hassle spam
>> software that used the highest MX instead of the lowest.
>>
>> I don't know how many of these are still around, and I never thought it
>> was a good idea -- and you can definitely argue that it's a malicious
>> config!
>
> The reason you publish multiple MX addresses in the first place is
> that you know some won't always be reachable. What would you like
> to happen when all but 127.0.0.1 is unreachable?

There was a lengthy discussion on this list about abusing "Backup-MX"
hosts, because they are most likely not protected the same as the primary
host; therefore it was suggested to publish 127.0.0.1 as the MX entry with
the highest number, on the assumption that:

a) it will never happen that all the higher-priority (aka with lower
number) servers are gone, and
b) ratware uses the last-priority server to catch a Backup-Host that
is not protected so well, but is now using localhost.

Well, the same effort to detect "bad" MX hosts can be performed by
ratware; hence, this technique can last for a short while only, perhaps the
usefulness is gone by now.

So I would agree with you that to publish localhost anywhere in the chain
is possibly not good.

BTW: I wouldn't wonder much if some ratware (or spammer) uses
completely random addresses.

Bye,
--
Steffen Kaiser
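
An added example, not part of the original post or of MIMEDefang: a Python check that flags MX targets resolving to loopback or other non-routable addresses, and shows which host a sender walking the list in preference order reaches when the real exchangers are down. The MX set, host names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample MX set of the kind described in the post. Host names are
# made up and 192.0.2.0/24 is a documentation range, not real mail servers.
SAMPLE_MX = [
    (99, "trap.example.org", ["127.0.0.1"]),
    (10, "mail.example.org", ["192.0.2.10"]),
    (20, "backup.example.org", ["192.0.2.20"]),
]

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def bogus_reason(addr):
    """Why addr can never be a remote mail exchanger, or None if it can."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_multicast:
        return "multicast"
    if ip.is_link_local:
        return "link-local"
    if ip.version == 4 and any(ip in net for net in RFC1918):
        return "private"
    return None

def audit_mx(records):
    """List (preference, host, address, reason) for every bogus MX target."""
    findings = []
    for pref, host, addrs in sorted(records):
        for addr in addrs:
            reason = bogus_reason(addr)
            if reason:
                findings.append((pref, host, addr, reason))
    return findings

def next_target(records, unreachable=()):
    """First (host, address) a sender walking the MX list in preference
    order would try, skipping hosts listed as unreachable."""
    for pref, host, addrs in sorted(records):
        if host not in unreachable and addrs:
            return host, addrs[0]
    return None
```

With both real exchangers marked unreachable, `next_target` returns the loopback entry, which is the case raised in the quoted question: a standards-following sender ends up connecting to itself.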