Fake MX Record(s) Trick - SpamAssassin

This is a discussion on Fake MX Record(s) Trick - SpamAssassin ; ...

+ Reply to Thread
Results 1 to 15 of 15

Thread: Fake MX Record(s) Trick

  1. Re: Fake MX Record(s) Trick


  2. Re: Fake MX Record(s) Trick


  3. Re: Fake MX Record(s) Trick


  4. Fake MX Record(s) Trick

    Hi,

    I'm a linux noob and a spam assassin noob so please reply in simplified
    language. Thanks.

    I saw on the wiki a trick to use fake mx records in order to weed out spam (
    http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at
    home and on my laptop and I have the spamassassin plugin so I'm constantly
    clicking the "junk" icon. I have access to my shared web hosting account
    and I sure do get TONS of spam. I'm a bit confused as to how to implement
    it though. My web host uses WHM so my form looks something like this:

    digitalalias.net 14400 IN MX 0 digitalalias.net

    What is 14400, I'm guessing a port of some kind. Besides that the wiki
    suggests that my first fake mx record should be set at 10, then my real mx
    record at 20, and then another fake one at 30. Why is this since my current
    mx record is set to 0?

    fake0.example.com 10
    realmx.example.com 20
    fake1.example.com 30


    Marc F.

    "..Grace to you and peace from Him who is and who was and who is to come.."
    -Rev1:4


  5. Re: Fake MX Record(s) Trick

    On 20.06.08 10:38, Marc Ferguson wrote:
    > I'm a linux noob and a spam assassin noob so please reply in simplified
    > language. Thanks.
    >
    > I saw on the wiki a trick to use fake mx records in order to weed out spam (
    > http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at
    > home and on my laptop and I have the spamassassin plugin so I'm constantly
    > clicking the "junk" icon. I have access to my shared web hosting account
    > and I sure do get TONS of spam. I'm a bit confused as to how to implement
    > it though. My web host uses WHM so my form looks something like this:
    >
    > digitalalias.net 14400 IN MX 0 digitalalias.net
    >
    > What is 14400, I'm guessing a port of some kind.


    it's a TTL of the recotrd. ALL MX ex should have equal TTL, if others don't
    have any explicitly specified (BIND takes it from other info), don't specify
    this.

    > Besides that the wiki suggests that my first fake mx record should be set
    > at 10, then my real mx record at 20, and then another fake one at 30. Why
    > is this since my current mx record is set to 0?


    The numbers is irelevant, only the order is. 0-1-2 will have the same effect
    as 10-20-30 or 10-95-100.


    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Posli tento mail 100 svojim znamim - nech vidia aky si idiot
    Send this email to 100 your friends - let them see what an idiot you are


  6. Re: Fake MX Record(s) Trick

    On Fri, 2008-06-20 at 10:38 -0400, Marc Ferguson wrote:
    > Hi,


    > I saw on the wiki a trick to use fake mx records in order to weed out
    > spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using
    > Evolution at home and on my laptop and I have the spamassassin plugin
    > so I'm constantly clicking the "junk" icon. I have access to my
    > shared web hosting account and I sure do get TONS of spam. I'm a bit
    > confused as to how to implement it though. My web host uses WHM so my
    > form looks something like this:
    >
    > digitalalias.net 14400 IN MX 0 digitalalias.net
    >
    > What is 14400,


    The time-to-live. It tells the world how often (in seconds) they should
    check back to see if this record has changed. You are telling people to
    check once every 4 hours.

    > I'm guessing a port of some kind. Besides that the wiki suggests that
    > my first fake mx record should be set at 10, then my real mx record at
    > 20, and then another fake one at 30. Why is this since my current mx
    > record is set to 0?


    Lowest number wins, so to attempt this "trick" you would need to change
    your current MX to be some number larger than zero so that a fake MX
    could be inserted lower.

    But I'm not convinced that twiddling with fake MX records will reduce
    your spam level any.
    --
    Daniel J McDonald, CCIE #2495, CISSP #78281, CNX
    Austin Energy
    http://www.austinenergy.com


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.9 (GNU/Linux)

    iEYEABECAAYFAkhfoBEACgkQGvhCU13z7IgOVQCZAYKFtMv5An ZoTvsthaZy00da
    1iwAn1nGeQocAEJryBDxhopCqCay+PvE
    =LUDl
    -----END PGP SIGNATURE-----


  7. Re: Fake MX Record(s) Trick

    Marc Ferguson schrieb am 20.06.2008 16:38:

    > I saw on the wiki a trick to use fake mx records in order to weed out
    > spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using
    > Evolution at home and on my laptop and I have the spamassassin plugin so
    > I'm constantly clicking the "junk" icon. I have access to my shared web
    > hosting account and I sure do get TONS of spam. I'm a bit confused as
    > to how to implement it though.


    If you don't exactly know what you are doing, don't fiddle with your MX
    entries. Correctly set up, SpamAssassin is 99.9% accurate even without
    such special tweaks. With 99.9% I mean that for every 1000 spam I get,
    at most 1 is not detected.

    You might have not understood how SpamAssassin works: it simply marks
    spam as spam, but passes it through into your inbox like any other mail.
    It is an additional task for you to set up in your mail client or in
    your mail delivery agent to move marked spam away to some kind of junk
    folder. SpamAssassin marks found spam with the "X-Spam-Flag: YES" header.

    Tschau
    Alex


  8. Re: Fake MX Record(s) Trick

    Marc Ferguson escribió:
    > Hi,
    >
    > I'm a linux noob and a spam assassin noob so please reply in
    > simplified language. Thanks.
    >
    > I saw on the wiki a trick to use fake mx records in order to weed out
    > spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using
    > Evolution at home and on my laptop and I have the spamassassin plugin
    > so I'm constantly clicking the "junk" icon. I have access to my
    > shared web hosting account and I sure do get TONS of spam. I'm a bit
    > confused as to how to implement it though. My web host uses WHM so my
    > form looks something like this:
    >
    > digitalalias.net 14400 IN MX 0
    > digitalalias.net
    >
    > What is 14400, I'm guessing a port of some kind. Besides that the
    > wiki suggests that my first fake mx record should be set at 10, then
    > my real mx record at 20, and then another fake one at 30. Why is this
    > since my current mx record is set to 0?
    >
    > fake0.example.com 10
    > realmx.example.com 20
    > fake1.example.com 30

    Hey Marc.
    That is a variation or extension of a technique known as "nolisting",
    which consists on making your primary MX record point to an IP which
    does not accept SMTP connections (i.e. a fake). In this case, the MX
    with the lowest priority is also a made a fake because spammers tend to
    target the lowest priority mail server directly (a spammer breaking the
    rules, imagine that!) to avoid the usually tighter security of the
    primary mail server.


    From http://nolisting.org/:
    Nolisting requires privileges that are only available to administrators.
    It is not configurable by end users. To configure Nolisting, an
    administrator must have the following:

    * the ability create MX records for the destination domain
    * a spare /public/ IP address, within the administrator's control,
    that has no listening service running on SMTP port 25
    * cooperation of all staff with administrative control over related
    network resources
    * optionally, a packet filter on the IP address specified as the
    primary MX (recommended)


    In my opinion this "trick" sucks for many reasons, two mainly: First,
    legitimate mail senders lose time and sometimes lose mails (for example
    unpatched RFC-compliant qmail servers).
    Second, it's pointless, spammers are already adapting. All they have to
    do is try all mx records. So du'h.

    Besides, having fake mx records in your DNS makes *you* non
    RFC-compliant.

    Regards
    /Diego


  9. Re: Fake MX Record(s) Trick

    On Mon, 23 Jun 2008, McDonald, Dan wrote:

    > But I'm not convinced that twiddling with fake MX records will reduce
    > your spam level any.


    Cue Mr. Perkel...

    --
    John Hardin KA7OHZ http://www.impsec.org/~jhardin/
    jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
    key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
    -----------------------------------------------------------------------
    The problem is when people look at Yahoo, slashdot, or groklaw and
    jump from obvious and correct observations like "Oh my God, this
    place is teeming with utter morons" to incorrect conclusions like
    "there's nothing of value here". -- Al Petrofsky, in Y! SCOX
    -----------------------------------------------------------------------
    11 days until the 232nd anniversary of the Declaration of Independence


  10. Re: Fake MX Record(s) Trick

    Marc Ferguson wrote:
    > Hi,
    >
    > I'm a linux noob and a spam assassin noob so please reply in
    > simplified language. Thanks.
    >
    > I saw on the wiki a trick to use fake mx records in order to weed out
    > spam (http://wiki.apache.org/spamassassin/OtherTricks). I'm using
    > Evolution at home and on my laptop and I have the spamassassin plugin
    > so I'm constantly clicking the "junk" icon. I have access to my
    > shared web hosting account and I sure do get TONS of spam. I'm a bit
    > confused as to how to implement it though. My web host uses WHM so my
    > form looks something like this:
    >
    > digitalalias.net 14400 IN MX 0
    > digitalalias.net
    >
    > What is 14400, I'm guessing a port of some kind. Besides that the
    > wiki suggests that my first fake mx record should be set at 10, then
    > my real mx record at 20, and then another fake one at 30. Why is this
    > since my current mx record is set to 0?
    >
    > fake0.example.com 10
    > realmx.example.com 20
    > fake1.example.com 30
    >

    Hi Marc,

    I'm the guy who invented the trick and yes it does work. I'm running it
    with more that 4000 domains and it gets rid of more than half my spam
    without having to use spamassassin. I use SA too but it's very expensive
    to run and anything that reduces it will cut your server load.

    I'm also providing a public server to harvest fake MX info to help build
    my blacklist. You can use this host for your fake high numbered MX. (Not
    a low numbered MX though)

    mail.yourdomain.com 10
    tarbaby.junkemailfilter.com 20




  11. Re: Fake MX Record(s) Trick


    On Mon, June 23, 2008 21:27, mouss wrote:

    > 14400 is 4 hours (4*3660) which is a bit low for an MX.... 86400 (24
    > hours) is probably better.


    nice calc for 4 hours :-)


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  12. Re: Fake MX Record(s) Trick

    On Dienstag, 24. Juni 2008 Benny Pedersen wrote:
    > > 14400 is 4 hours (4*3660) which is a bit low for an MX.... 86400
    > > (24 hours) is probably better.

    >
    > nice calc for 4 hours :-)


    mouss is french, you must know ;-)

    mfg zmi
    --
    // Michael Monnerie, Ing.BSc ----- http://it-management.at
    // Tel: 0660 / 415 65 31 .network.your.ideas.
    // PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
    // Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
    // Keyserver: www.keyserver.net Key-ID: 1C1209B4

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.4-svn0 (GNU/Linux)

    iD8DBQBIYKDQzhSR9xwSCbQRAu92AJ4iOVtoiiG2dVZtkHHvml it3hyeMwCfZpL4
    rPcoRzoppj1+JJKq2EjoVto=
    =K2ao
    -----END PGP SIGNATURE-----


  13. RE: Fake MX Record(s) Trick


    >
    > mouss is french, you must know ;-)
    >


    French mouse?

    ;-)

    http://disney.go.com/disneyvideos/an...s/ratatouille/

    No offense intended of course... it really was a cute movie...

    Time for vacations!

    - rh


  14. Re: Fake MX Record(s) Trick

    On Mon, 23 Jun 2008, Marc Perkel wrote:

    > Marc Ferguson wrote:
    >> Hi,
    >>
    >> I'm a linux noob and a spam assassin noob so please reply in simplified
    >> language. Thanks.
    >> I saw on the wiki a trick to use fake mx records in order to weed out spam
    >> (http://wiki.apache.org/spamassassin/OtherTricks). I'm using Evolution at
    >> home and on my laptop and I have the spamassassin plugin so I'm constantly
    >> clicking the "junk" icon. I have access to my shared web hosting account
    >> and I sure do get TONS of spam. I'm a bit confused as to how to implement
    >> it though. My web host uses WHM so my form looks something like this:
    >>
    >> digitalalias.net 14400 IN MX 0
    >> digitalalias.net
    >>
    >> What is 14400, I'm guessing a port of some kind. Besides that the wiki
    >> suggests that my first fake mx record should be set at 10, then my real mx
    >> record at 20, and then another fake one at 30. Why is this since my
    >> current mx record is set to 0?
    >>
    >> fake0.example.com 10
    >> realmx.example.com 20
    >> fake1.example.com 30
    >>

    > Hi Marc,
    >
    > I'm the guy who invented the trick and yes it does work. I'm running it with


    No you aren't.

    > more that 4000 domains and it gets rid of more than half my spam without
    > having to use spamassassin. I use SA too but it's very expensive to run and
    > anything that reduces it will cut your server load.
    >
    > I'm also providing a public server to harvest fake MX info to help build my
    > blacklist. You can use this host for your fake high numbered MX. (Not a low
    > numbered MX though)
    >


    Que the spamvertising...

    > mail.yourdomain.com 10
    > tarbaby.junkemailfilter.com 20
    >
    >
    >


    --
    Happy cheese in fear | Jon Trulson
    against oppressor, rebel! | mailto:jon@radscan.com
    Brocolli, hostage. -Unknown | #include


  15. Re: Fake MX Record(s) Trick

    Robert - elists wrote:
    >> mouss is french, you must know ;-)
    >>
    >>

    >
    > French mouse?
    >


    "mousse" means foam. Franciscaner weiss?

    > ;-)
    >
    > http://disney.go.com/disneyvideos/an...s/ratatouille/
    >
    > No offense intended of course... it really was a cute movie...
    >


    I loved it.
    > Time for vacations!
    >


    oh yeah. Barcelona, Estoy viniendo.


+ Reply to Thread