For the past 48 hours, I've been dealing with a Sendmail server that was shutting down frequently with a load average above 13. The server's getting flooded constantly with spam attempts to non-existent users on more than 100 domains.

I've set up Sendmail to use a virtusertable that rejects every non-valid email address with a "user unknown" error. This is helpful, but Sendmail still has to take the time to reject each spam attempt. Since all but six domains on the server don't receive any mail at all, I wanted to find a way to stop Sendmail from receiving any requests for those domains.

After doing some research, I decided to try setting a fake MX record for the domains that do not send or receive mail. Here's how MX records are set for these domains:

IN MX 10 mail.example.com.

There's no mail server associated with that hostname.

On servers that do exchange email, fake MX records can be used to deter spammers. Most email servers are equipped to deal with mail servers that are unavailable. They queue the outgoing mail and try an alternate mail server, if one has been defined for the domain. Spam software can't take the time to queue an outgoing mail for delivery later because it is sending millions of messages. If it finds a mail server that's unavailable, it gives up and goes on to the next server.

Putting fake servers as the first and last MX record in a domain supposedly discourages spammers without affecting the receipt of legitimate email. Spammers hit the fakes and give up. Legitimate mail servers hit a fake, then try the next option and deliver the mail.

Here's how MX records can be set to achieve this:

IN MX 10 mail1.example.com.
IN MX 20 mail2.example.com.
IN MX 30 mail3.example.com.

The mail1.example.com and mail3.example.com servers are fakes that don't resolve properly. The functioning mail server is at mail2.example.com.

So far, the approach appears to work. Legitimate email is getting through and most domains aren't getting any spam attempts at all.

-- Rogers Cadenhead
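
An added example, not part of the original post: a short Python check of the three-record layout above. It parses the MX lines, models a sender that moves on to the next MX against one that gives up after the first dead host, and flags layouts that defeat the scheme. The function names and the `LIVE` set are assumptions made for illustration.

```python
import re
from itertools import groupby

# The page's records; LIVE (only mail2 answers SMTP) follows the post's description.
ZONE = """IN MX 10 mail1.example.com.
IN MX 20 mail2.example.com.
IN MX 30 mail3.example.com."""
LIVE = {"mail2.example.com"}
MX_LINE = re.compile(r"^\s*(?:\S+\s+)?IN\s+MX\s+(\d+)\s+(\S+?)\.?\s*$", re.I)

def parse_mx(zone_text):
    """Return [(preference, host)] sorted so the lowest preference comes first."""
    found = (MX_LINE.match(line.split(";")[0]) for line in zone_text.splitlines())
    return sorted((int(m.group(1)), m.group(2).lower()) for m in found if m)

def attempt_order(records):
    """Group hosts by preference; senders may try one group's hosts in any order."""
    return [[h for _, h in grp] for _, grp in groupby(records, key=lambda r: r[0])]

def simulate(records, live, retries_next_mx):
    """Host that accepts the message, or None when the sender gives up."""
    for host in (h for group in attempt_order(records) for h in group):
        if host in live:
            return host
        if not retries_next_mx:
            return None  # models a sender that abandons after one dead MX
    return None

def audit(records, live):
    """Flag layouts that defeat the decoy-first scheme described in the post."""
    groups, findings = attempt_order(records), []
    if not any(h in live for g in groups for h in g):
        findings.append("no MX accepts mail")
    elif any(h in live for h in groups[0]):
        findings.append("lowest preference is live: no decoy in front")
    if any(len(g) > 1 and any(h in live for h in g) for g in groups):
        findings.append("live host shares a preference: attempt order is random")
    return findings

if __name__ == "__main__":
    recs = parse_mx(ZONE)
    print(simulate(recs, LIVE, True), simulate(recs, LIVE, False), audit(recs, LIVE))
```

Running `audit` on the same three hosts with every preference set to 10 returns two findings, because a sender may then reach the live server first.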

Comments

Don't you want different, increasing, "pref" fields in your MX records for this purpose? My understanding of MX record format is that since you've set the "pref" field to the same value there (10) for all three records, in fact those three servers will be used in a random order.


 

Thanks ... that was a typo in my blog entry. The prefs are set to 10, 20 and 30.


 

A couple of points; one, make sure the domains and hostnames you're using aren't actually registered to someone else (I dunno if you're actually using 'example.com' or not, but I should think the IANA would have something to say about your choice, especially if they're seeing either increased DNS or SMTP traffic as a result). Secondly, it's the rare bot that doesn't cache or deliver separate files containing the MXen for the domains in whatever current list it's hitting, in an attempt to avoid being detected (most end user systems don't do lots of MX lookups, so it's a red flag for proactive ISPs when they see that sort of traffic).

Finally, why are you even providing SMTP service for domains that don't receive mail? Consider using a MX of '.' instead.


 

I'm using mail.example.com as the fake MX record on domains with no mail service. It does not resolve to a valid IP address. I'm not aware of the traffic implications, but example.com is used everywhere for a multitude of purposes, so my guess is that IANA would not care.

On the domains that do get mail, I'm referring to two fake hosts on my server and one real mail server.

My impression from the Sendmail docs is that if you omit the MX record it will default to the domain name. Since the domains share an IP address with a Sendmail server, that will send mail traffic to my valid mail server.

What does an MX record of "." accomplish?


 

Good post and discussion. In fact your post got me thinking more about this whole topic so I decided to blog about this myself. Check it out and let me know what you think (sorry it's a tad long, but I think about this stuff pretty much every day!)

www.sendmail.com


 

It's slightly dated now, but I've found this 2004 presentation by Bill Moran to be an excellent overview of what works in keeping unwanted mail out of your mailserver without rejecting legitimate messages. I would presume that Sendmail has analogs to the various sanity checks described for Postfix. Personally, I've found greylisting to be so effective that I don't need to bother with real-time block lists or content filtering.


 

The RFCs say that when no MX record is there, the A record shall be used for sending email (or trying to). Historically this was not a problem.

Some people also use a MX record to a host pointing to 127.0.0.1 when they don't expect to receive mail. I would guess that having "." as a MX record would just end up as any invalid host, as "." has no A/AAAA record.


 
