Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}

From: Paul Schmehl <pauls () utdallas edu>
Date: Sat, 14 Oct 2006 12:17:51 -0500
--On October 14, 2006 1:44:04 AM -0400 Valdis.Kletnieks () vt edu wrote:


On Fri, 13 Oct 2006 22:52:12 CDT, you said:


I'm not sure what you mean by "split inbound and outbound", but any
outbound MX host *should* be listed in DNS.


Tell you what.  Explain what an *OUTBOUND* MX is, and I'll see what I
can do.

The machine in question is *NOT* listed as an MX, because it is *NOT* a
machine that should be accepting *inbound* mail for the domain.  Its
purpose in life is to send mail to off-campus sites.
It appears that what you're missing is that this one "flaw" is not enough to get mail rejected by policyd-weight. Policyd-weight, much like SA, works on cumulative scoring. One "bad" thing isn't going to get your mail rejected. But, in general, spam, viruses, phishing scams, et. al. will not only not be listed as an MX in DNS, they also won't reverse. They also forge the domain. They also lie about the sender domain. They also come from dialups or from known "spammy" servers. So, the *cumulative* effect is that the mail gets rejected. 

One "flaw" such as a missing MX record is not going to cause a problem.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/

Attachment: _bin
Description:

Previous By Date Next
Previous By Thread Next

Current thread: