Security Incidents mailing list archives

Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6}


From: Valdis.Kletnieks () vt edu
Date: Sat, 14 Oct 2006 01:44:04 -0400

On Fri, 13 Oct 2006 22:52:12 CDT, you said:

> I'm not sure what you mean by "split inbound and outbound", but any
> outbound MX host *should* be listed in DNS.

Tell you what.  Explain what an *OUTBOUND* MX is, and I'll see what I can do.

The machine in question is *NOT* listed as an MX, because it is *NOT* a
machine that should be accepting *inbound* mail for the domain.  Its purpose
in life is to send mail to off-campus sites.

But then, utdallas.edu can't pass that check either - I'm checking back
through the various mail you've sent, and I found this header:

Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12])
        by lists.grok.org.uk (Postfix) with ESMTP id EA6DD608
        for <full-disclosure () lists grok.org.uk>; Thu, 12 Oct 2006 16:54:20 +0100 (BST)

However, the DNS says:

utdallas.edu.           46676   IN      MX      10 mx2.utdallas.edu.
utdallas.edu.           46676   IN      MX      20 mx0.utdallas.edu.
mx2.utdallas.edu.       76415   IN      A       129.110.10.17
mx0.utdallas.edu.       46676   IN      A       129.110.10.17

At least SPF, for all its busticatedness, understood that at many sites,
the MX is *not* the outbound box (and in fact, the asymmetric configuration
is why you need an SPF record rather than testing the MX values...)
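
Added example, not part of the original message: the Python below runs the "sender must be an MX" test and a small SPF evaluation against the Received header and DNS answers quoted above. The SPF record is constructed for illustration and is not the domain's published policy; the function names are hypothetical.

```python
import ipaddress
import re

# DNS answers quoted in the message, embedded so the example runs offline.
MX = {"utdallas.edu": ["mx2.utdallas.edu", "mx0.utdallas.edu"]}
A = {"mx2.utdallas.edu": ["129.110.10.17"], "mx0.utdallas.edu": ["129.110.10.17"]}
# Constructed SPF policy (assumption), NOT the domain's real record.
SPF = {"utdallas.edu": "v=spf1 mx ip4:129.110.10.12 -all"}

# Received header from the message, trimmed after the ESMTP id.
RECEIVED = ("Received: from smtp1.utdallas.edu (smtp1.utdallas.edu [129.110.10.12]) "
            "by lists.grok.org.uk (Postfix) with ESMTP id EA6DD608")

def client_ip(received):
    """Pull the connecting IP out of the bracketed part of a Received header."""
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    return m.group(1) if m else None

def mx_addresses(domain):
    """Resolve every MX host of the domain to its A records."""
    return {ip for host in MX.get(domain, []) for ip in A.get(host, [])}

def sender_is_mx(domain, ip):
    """The check under discussion: accept only if the sender is an MX."""
    return ip in mx_addresses(domain)

def spf_check(domain, ip):
    """Evaluate a subset of SPF (mx, ip4, all) left to right; first match wins."""
    record = SPF.get(domain)
    if not record or not record.startswith("v=spf1"):
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            matched = True
        elif mech == "mx":
            matched = ip in mx_addresses(domain)
        elif mech.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue  # outside this subset; a full evaluator handles these
        if matched:
            return results[qualifier]
    return "neutral"
```

With the quoted data, the outbound relay 129.110.10.12 fails the MX test but passes the constructed SPF policy, while an unrelated address is rejected by the trailing -all.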
