SpamAssassin Trick to fight Spam

tmcleroy · 07-06-2009, 04:44 AM

In my ongoing fight against Spam..

From the SpamAssassin site they refer to a technique to fight spam by putting up fake MX records.

"Fake MX records can work like greylisting and often much faster. It doesn't require the installation of new software. What you do is add a fake highest and lowest MX record. Normal email will probably retry but spammers often don't. This is especially true of virus infected windows zombie spam."

Link:
http://wiki.apache.org/spamassassin/OtherTricks

Are these set from the Plesk DNS Zone Setting Panel or somewhere else?

Thank you, Thomas

**MikeMann** · 07-06-2009, 05:59 PM

Quote:

Originally Posted by tmcleroy

Are these set from the Plesk DNS Zone Setting Panel or somewhere else?

I believe the MX records could be done under Plesk, but it calls for the lowest to be pointed where port 25 is closed. The part under the heading "Help Junk Email Filter Build a Blacklist" looks interesting with you setting up a higher MX pointed at their server.

tmcleroy · 07-06-2009, 06:43 PM

Thanks Mike, Jumping into water that is a little deeper than I should be in. Can we set up a mx record to a closed port that would have the highest priority. i.e. mailspam.mydomain.com and put this on MX(0) and then follow with mail.mydomain.com at MX(10) and mail.mydomain.com at MX(20) and then point to their blacklist up at say MX(90).

If so I would like to do this. It seems like it would save a lot of unwanted traffic coming in and also usage on your servers. I just need to know how to associate mailspam.mydomain.com to a closed port.

Thanks, Thomas

**MikeMann** · 07-07-2009, 01:55 AM

Quote:

Originally Posted by tmcleroy

If so I would like to do this. It seems like it would save a lot of unwanted traffic coming in and also usage on your servers. I just need to know how to associate mailspam.mydomain.com to a closed port.

Well it's not my server (just help out around here), but I don't think pointing to a closed port is possible here. You could try using what is listed under the "Help Junk Email Filter Build a Blacklist" heading over there. That would not require trying to point to a closed port here, as they have it all setup over there.

**RobbieLePommie** · 07-08-2009, 07:53 AM

Mx doesn't quite work like that - it's not the MX that points to a port. You're referring to "priority".

MX simply resolves to an IP address.

What you can do is set two MX records, with different priorities. Mail senders should check the MX record with the highest priority (lowest number) first, resolve that to an IP address and try to sent to a receiving SMTP server on that IP address. If that fails, they should try the second and then subsequent MX records in priority order. (If you have two with the same priority, the IP addresses should be used alternately).

So, you are suggesting setting an MX record pointing to a dummy IP address with a high prority (low number) and then an MX record pointing to the correct IP address with a lower priority. The idea being that spammers will try the first and give up on failure, where real mail system will try both.

Bad news, I'm afraid:
- There are reports of spammers who actually try the low priority MX record first - in an attempt to defeat spam systems that may be sitting on the normal MX record. So, no go there.
- You're inviting yourself to delays in your mail (or even misdelivery)

Not really worth the trouble, IMO.

**NexDog** · 07-09-2009, 08:20 AM

The fight against spam is such a pain. There are many tools to cut out most of it at server level and at some point we are going to have to have a large community discussion about it. Many people want spam gone but people also don't want the headaches that can come with it. We can do Greylisting and we have been running it on a few servers. The delay in receiving mail depends largely on the sending MTA but generally it can be around 20 minutes at the fastest point - or hours at the slowest.

We can do rDNS checks on all incoming mail and that would also stop 90% of the spam. Unfortunately not everyone has a mail server that is setup correctly with rDNS and we would get many tickets about "why can't my friend send me mail". We've tried it, too many complaints.