For the past 48 hours, I've been dealing with a Sendmail server that was shutting down frequently with a load average above 13. The server's getting flooded constantly with spam attempts to non-existent users on more than 100 domains.
I've set up Sendmail to use a virtusertable that rejects every non-valid email address with a "user unknown" error. This is helpful, but Sendmail still has to take the time to reject each spam attempt. Since all but six domains on the server don't receive any mail at all, I wanted to find a way to stop Sendmail from receiving any requests for those domains.
After doing some research, I decided to try setting a fake MX record for the domains that do not send or receive mail. Here's how MX records are set for these domains:
IN MX 10 mail.example.com.
There's no mail server associated with that hostname.
On servers that do exchange email, fake MX records can be used to deter spammers. Most email servers are equipped to deal with mail servers that are unavailable. They queue the outgoing mail and try an alternate mail server, if one has been defined for the domain. Spam software can't take the time to queue an outgoing mail for delivery later because it is sending millions of messages. If it finds a mail server that's unavailable, it gives up and goes on to the next server.
Putting fake servers as the first and last MX record in a domain supposedly discourages spammers without affecting the receipt of legitimate email. Spammers hit the fakes and give up. Legitimate mail servers hit a fake, then try the next option and deliver the mail.
Here's how MX records can be set to achieve this:
IN MX 10 mail1.example.com.
IN MX 20 mail2.example.com.
IN MX 30 mail3.example.com.
The mail1.example.com and mail3.example.com servers are fakes that don't resolve properly. The functioning mail server is at mail2.example.com.
So far, the approach appears to work. Legitimate email is getting through and most domains aren't getting any spam attempts at all.
-- Rogers Cadenhead
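The MX walk described above, as an added example that is not part of the original post: it models a queueing mail server and a sender that gives up after one failure against the 10/20/30 record set, and shows how records that share a preference collapse into one unordered group. The reachable set, the function names and the backup-first sender are assumptions made for illustration; the Null MX check follows RFC 7505.

```python
# Added example (not from the original post): models how senders walk an MX set.
# Hostnames and the reachable set are constructed sample data.
from collections import defaultdict

ZONE = """\
IN MX 10 mail1.example.com.
IN MX 20 mail2.example.com.
IN MX 30 mail3.example.com.
"""

def parse_mx(zone_text):
    """Parse 'IN MX <pref> <host>' lines into (pref, host) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split()
        if "MX" in fields:
            i = fields.index("MX")
            records.append((int(fields[i + 1]), fields[i + 2].lower()))
    return records

def attempt_order(records):
    """Hosts grouped by preference, lowest value first. Hosts that share a
    preference form one group, and a sender may try them in any order."""
    groups = defaultdict(list)
    for pref, host in records:
        groups[pref].append(host)
    return [sorted(groups[p]) for p in sorted(groups)]

def is_null_mx(records):
    """RFC 7505: a single 'MX 0 .' record says the domain accepts no mail."""
    return records == [(0, ".")]

def deliver(records, reachable, max_attempts=None, backup_first=False):
    """Return the host that accepts the message, or None if the sender gives up.
    max_attempts=None models a queueing MTA that works through every MX;
    max_attempts=1 models bulk software that abandons after one failure;
    backup_first=True models a sender that targets the highest-numbered MX."""
    if is_null_mx(records):
        return None
    hosts = [h for group in attempt_order(records) for h in group]
    if backup_first:
        hosts.reverse()
    for host in hosts[:max_attempts]:
        if host in reachable:
            return host
    return None

RECORDS = parse_mx(ZONE)
REACHABLE = {"mail2.example.com."}  # assumption: only the middle MX runs SMTP
```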
Don't you want different, increasing, "pref" fields in your MX records for this purpose? My understanding of MX record format is that since you've set the "pref" field to the same value there (10) for all three records, in fact those three servers will be used in a random order.
Thanks ... that was a typo in my blog entry. The prefs are set to 10, 20 and 30.
A couple of points: one, make sure the domains and hostnames you're using aren't actually registered to someone else (I dunno if you're actually using 'example.com' or not, but I should think the IANA would have something to say about your choice, especially if they're seeing either increased DNS or SMTP traffic as a result). Secondly, it's the rare bot that doesn't cache or deliver separate files containing the MXen for the domains in whatever current list it's hitting, in an attempt to avoid being detected (most end user systems don't do lots of MX lookups, so it's a red flag for proactive ISPs when they see that sort of traffic).
Finally, why are you even providing SMTP service for domains that don't receive mail? Consider using a MX of '.' instead.
I'm using mail.example.com as the fake MX record on domains with no mail service. It does not resolve to a valid IP address. I'm not aware of the traffic implications, but example.com is used everywhere for a multitude of purposes, so my guess is that IANA would not care.
On the domains that do get mail, I'm referring to two fake hosts on my server and one real mail server.
My impression from the Sendmail docs is that if you omit the MX record it will default to the domain name. Since the domains share an IP address with a Sendmail server, that will send mail traffic to my valid mail server.
What does an MX record of "." accomplish?
Good post and discussion. In fact your post got me thinking more about this whole topic so I decided to blog about this myself. Check it out and let me know what you think (sorry it's a tad long, but I think about this stuff pretty much every day!).
It's slightly dated now, but I've found this 2004 presentation by Bill Moran to be an excellent overview of what works in keeping unwanted mail out of your mailserver without rejecting legitimate messages. I would presume that Sendmail has analogs to the various sanity checks described for Postfix. Personally, I've found greylisting to be so effective that I don't need to bother with real-time block lists or content filtering.
The RFCs say that when no MX record is there, the A record shall be used for sending email (or trying to). Historically this was not a problem.
Some people also use a MX record to a host pointing to 127.0.0.1 when they don't expect to receive mail. I would guess that having "." as a MX record would just end up as any invalid host, as "." has no A/AAAA record.