Send that spam where it belongs

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main » Tue Jan 23, 2007 11:24 pm

I ran across an interesting article today on /.:

http://www.joreybump.com/code/howto/nolisting.html

It's fairly obvious when you think about it, and I can't believe I didn't think of and try this before; it's so obvious. The basic idea is that spam comes mostly from infected Windows clients, and these clients do not use a mail exchanger but instead send the mail directly to the mail host for the email address they are spamming. They get the mail host via the MX record for the domain, which is how everyone else does it, but the difference is that they do an MX lookup and only try to send the message using the first host (highest priority/lowest numbered host) in the MX record. They try to send the message and, whether successful or not, they move on to the next email address.

Now real mail exchangers try the highest priority mail server first, and if a connection cannot be made they go to the next one in the list and try to deliver the message. If none of the mail servers can be reached, then they will store the message and try again after a period of time. So, the article suggests that you use an IP address that doesn't accept mail as your highest priority mail server. Virus-ridden Windows boxes will try to send mail to that address and not be successful. Real mail going through a mail exchanger will automatically get through on the second address that does accept mail.

Well, I decided this would be very simple to try out myself, but I took it a couple of extra steps. I have a couple of domains that I point to my dynamic address and I usually get around 100 spam emails each day on these domains. Now it's not a huge deal because SpamAssassin catches 95% of this spam, but still it annoys me that these Windows boxes are sending me this garbage, using up my bandwidth and server space. Not having extra IP addresses, I figured I would just turn this spam back to where it belongs. www.microsoft.com doesn't accept mail. :)

So my MX records have 3 entries. The highest and lowest priority servers point to addresses from the borg's web server cluster and the middle one points to my mail server. So all attempts at sending mail to my domains initially go to their web servers, and when they don't accept the connection the real mail comes in to my servers. Now the crap goes to where it should go and I don't get it.

This is not a 100% solution, as I have still gotten a few, but it looks to have cut over 80% of the spam out in the half day it's been running. SpamAssassin still catches 95% of that 20% that is left over, so I am in good shape. It looks like the few that I have received since doing this came from Windows 2003 machines with Exchange Server running on them. I suspect those servers are either infected or are part of a spamming operation. There have been around 6 total spam messages that have come in on both domains in the half day it's been running. Much, much better. I suspect if more people do this that the virus writers will get wise and attempt all mail hosts rather than just the first or last mail host.

Of course if they fire up a mail exchanger on their web server cluster all of a sudden all my mail are belong to the borg. :)

Have fun!
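An added example (not part of the original post): a small offline model of the MX layout described above, showing which kinds of sender reach the real server. The host names, preference values and the `accepts_smtp` flag are constructed for illustration, and equal-preference randomisation is ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class MX:
    preference: int      # lower number = tried first
    host: str
    accepts_smtp: bool   # constructed flag standing in for "port 25 answers"

# Constructed zone shaped like the one in the post: non-accepting hosts at the
# highest and lowest priority, the real mail server in the middle.
NOLISTING_ZONE = [
    MX(10, "closed-first.example.net", False),
    MX(20, "mail.example.org", True),
    MX(30, "closed-last.example.net", False),
]

def by_priority(records):
    return sorted(records, key=lambda r: r.preference)

# Sender strategies: each returns the MX hosts that sender is willing to try.
def walks_all_mx(records):      # real mail exchanger, or a bot that "got wise"
    return by_priority(records)

def first_mx_only(records):     # the direct-to-MX client the post describes
    return by_priority(records)[:1]

def last_mx_only(records):      # client that aims at the backup MX
    return by_priority(records)[-1:]

def deliver(strategy, records):
    """Return (accepting host or None, hosts attempted in order)."""
    attempted = []
    for mx in strategy(records):
        attempted.append(mx.host)
        if mx.accepts_smtp:
            return mx.host, attempted
    return None, attempted      # a real MTA would queue and retry here

def audit(records):
    """List ways a zone fails to give the filtering the post expects."""
    ordered, problems = by_priority(records), []
    if not any(r.accepts_smtp for r in ordered):
        problems.append("no MX accepts mail")
    if ordered and ordered[0].accepts_smtp:
        problems.append("first MX accepts mail")
    if len(ordered) > 1 and ordered[-1].accepts_smtp:
        problems.append("last MX accepts mail")
    return problems

if __name__ == "__main__":
    for s in (walks_all_mx, first_mx_only, last_mx_only):
        print(s.__name__, deliver(s, NOLISTING_ZONE))
```

Any sender that walks the whole MX list is indistinguishable from a legitimate mail exchanger in this model, so the layout filters only clients that stop after one host.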

Calum
guru
Posts: 1349
Joined: Fri Jan 10, 2003 11:32 am
Location: Bonny Scotland

Post by Calum » Wed Jan 24, 2007 6:02 am

very clever!

Post by Void Main » Wed Jan 24, 2007 3:31 pm

Never mind. It doesn't work as well as I first thought. I am still getting almost as much spam, so either the spammers have wised up and are in fact checking all of the MX hosts or they have been doing it all along. Oh well, was an easy test.

kovax
scripter
Posts: 85
Joined: Mon Jan 24, 2005 9:47 am
Location: Jacksonville, USA

Spam, Spam and more Spam

Post by kovax » Tue Jan 30, 2007 10:34 am

Spam has gotten so bad that I get it on my BlackBerry.

Mind you that the company that I work for uses Exchange ($$$$) but I can filter that spam from OutLOCK. The spam that I have been getting lately is going directly to my BlackBerry (Cingular account). I have talked to my Exchange admins and they tell me that I need to call Cingular to fix it.

I told them no *I* don't. You assigned me this pager and *YOU* need to call them. They said it is left up to me. So what I did was just set all my regular messages to silent and all I get is my Level 1 messages. Mind you this is just a band-aid but at least I don't get awakened in the middle of the night.

I hate SPAM!!!!!

Post by Void Main » Tue Jan 30, 2007 10:43 am

You know, they also use Exchange where I work, not that it really has any impact on spam. We use a front-end service called Postini:

http://www.postini.com/

I understand it works pretty well; however, I have not received a single piece of spam in my work email account, not because of Postini but just because I have never given my email out to any outside address. I am actually surprised that in the 4 years I have been at this job I haven't gotten on some spam list with it. I always use a yahoo.com address when I need to give my email address that I know will attract spam. On my own personal mail servers my SpamAssassin setup catches 99% of it, but the part that annoys me is I can't reject it when the connection is made; I just have to divert it to a system-wide spam folder.