Educause Security Discussion mailing list archives
Re: Barracuda Spam Filter
From: "Jamie A. Stapleton" <jstapleton () COMPUTER-BUSINESS COM>
Date: Tue, 26 Jul 2005 18:06:15 -0400
Well, there have been lots of comments. ;-)

Basically, if you leave port 25 open on IP 65.209.95.165, spammers will eventually find and exploit it.

Please call me if you have any questions.

Jamie
804-412-1601

-----Original Message-----
From: Charlie Prothero [mailto:Charlie.Prothero () KEYSTONE EDU]
Sent: Tuesday, July 26, 2005 6:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

Hmm. This morning, I thought I had a good handle on this. Now, I'm not so sure...

Our MX records look like this:

IN MX 1 ms4.tcnoc.com.
IN MX 10 ms5.tcnoc.com.
IN MX 20 mercury.keystone.edu.

Mercury is our mail server (MS Exchange), and the first two are Tangent's spam filtering machines. My understanding had been that once we were up and running on the Tangent service, we were supposed to remove our mail server's MX record, leaving Tangent as the only route to our domain for incoming mail. Outgoing mail continues to be sent from Mercury, which has an A-record in our DNS.

Are there problems with this arrangement?

- Charlie.

-----Original Message-----
From: Graham Toal [mailto:gtoal () UTPA EDU]
Sent: Tuesday, July 26, 2005 2:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Barracuda Spam Filter

Jamie A. Stapleton wrote:
> 6. Knowledge. These people don't appear to know what they are doing. They left mercury.keystone.edu (with IP address 65.209.95.165) as an MX
> record. Any spammer can find this and attack it without effort. (See below.)
>
> 220 mercury.keystone.edu Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Tue, 26 Jul 2005 09:24:36 -0400

There's actually an understandable reason for that. Many mail systems by default will only accept (deliver) mail for which they are the lowest-valued MX, so by leaving the final destination mailer listed (with the lowest value, which I hope this was), they don't impose a competency requirement on the clients to reconfigure their mailer to be the delivery mailer for a domain which does not MX to them.

However it equally does impose a competency requirement that they either configure their mailer to accept mail from *only* the higher-valued MX hosts, *or* get their networking people to block them at the firewall. Either of those is entirely reasonable (we block at the firewall ourselves), but the downside is that the lowest-valued MX never responds and senders always have a delay while backing off to the next lowest value.

This may not be quite as bad as it sounds though, because a significant number of spammers will back off at that point and you'll never see their spam, much like an accidentally implemented grey-listing :-)

G
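
Added example, not part of any message in this thread: a small Python audit of the MX set quoted above. It flags any published MX that bypasses the filtering service and models the "accept only from the filter hosts" rule the thread describes. The function names, `FILTER_SUFFIX` and the relay range in `FILTER_NETS` are assumptions; the range is a constructed documentation placeholder, since the thread does not give the relays' addresses.

```python
import ipaddress

# MX set as quoted in the thread: "IN MX <preference> <host>".
ZONE = """\
IN MX 1 ms4.tcnoc.com.
IN MX 10 ms5.tcnoc.com.
IN MX 20 mercury.keystone.edu.
"""

# Assumption: hosts under this suffix belong to the filtering service.
FILTER_SUFFIX = ".tcnoc.com."
# Constructed placeholder (RFC 5737 documentation range); the thread does not
# give the filter relays' real addresses.
FILTER_NETS = [ipaddress.ip_network("192.0.2.0/28")]


def parse_mx(zone_text):
    """Return [(preference, host)], lowest preference (tried first) first."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()  # drop zone-file comments
        if "MX" in fields:
            i = fields.index("MX")
            if len(fields) >= i + 3 and fields[i + 1].isdigit():
                records.append((int(fields[i + 1]), fields[i + 2].lower()))
    return sorted(records)


def bypass_routes(records):
    """MX targets outside the filtering service: mail sent there skips the filter."""
    return [host for _, host in records if not host.endswith(FILTER_SUFFIX)]


def accept_smtp(peer_ip):
    """Policy for the origin server or firewall: port 25 only from filter relays."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in FILTER_NETS)


if __name__ == "__main__":
    mx = parse_mx(ZONE)
    for host in bypass_routes(mx):
        print("published MX outside the filter:", host)
    for peer in ("192.0.2.5", "198.51.100.7"):  # constructed peers
        print(peer, "accept" if accept_smtp(peer) else "reject")
```
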