Dummy MX (mail exchangers, incoming mail servers) trick to reduce spam

Here is a quick trick that further reduces the amount of spam we receive. Domains normally publish MX (mail exchanger, i.e. incoming mail server) records in their DNS zone. Here is our DNS configuration for the OC9.COM domain:

IN MX 1 mail1.oc9.com.
IN MX 5 master.oc9.com.
IN MX 6 slave2.oc9.com.
IN MX 8 mail2.oc9.com.
IN MX 10 mail3.oc9.com.

The number in front of each host name is the MX preference value: it sets the order in which mail transport agents (other mail servers) try to connect to our servers to deliver mail to us, lowest value first.

It means: first try mail1.oc9.com; if that fails, try master.oc9.com; if that fails, try slave2.oc9.com; if that fails, try mail2.oc9.com; if that fails, try mail3.oc9.com.

This behaviour is built into DNS and the SMTP protocol to provide redundancy between mail servers and to ensure that mail is delivered to whichever of them is available. Every real mail server that follows the SMTP protocol will try ALL configured MX servers before giving up on a delivery attempt. Spam-sending software, by contrast, is often not so careful: some programs try only the first MX, some try only the last and then fall back to the first, and so on.

Now, mail1, mail2 and mail3 are dummy servers. The IP addresses these names map to send nothing back when a packet arrives on port 25, not even a TCP reset, so a sender's connection attempt simply hangs until its own timeout expires and the host appears to be permanently down.

In fact only master.oc9.com and slave2.oc9.com actually accept our mail.
  • Some quickly written spambots installed on home users' and other computers (through viruses or trojans) do not fail over to the remaining MX servers the way a normal mail transport agent does. Such a spambot tries mail1.oc9.com, times out after a while and abandons the attempt to send its spam to us.
  • Similarly, some spambots connect to the servers in the reverse of the order a normal mail transport agent would use, figuring that the backup server will let their spam through more easily. When the last mail server in the priority list (mail3.oc9.com) fails to answer, these often fall back on the first one (mail1.oc9.com), which does not answer either.
  • Every mail server that follows the SMTP protocol will try ALL configured MX servers, so it reaches master.oc9.com on its second attempt.
This approach eliminates some spam by keeping these spambots from ever connecting to our real servers, while properly configured mail servers (real mail servers sending real, legitimate email) still reach us. The price is a short delivery delay for legitimate mail, since every compliant sender has to wait for its connection to mail1.oc9.com to time out before moving on to master.oc9.com.
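To make the three sender behaviours concrete, here is an added example (not code from the original page) that parses the MX lines above, orders them the way RFC 5321 requires, and walks the list as a compliant MTA, a first-MX-only spambot and a reverse-order spambot would. Only the host names and preference values come from the zone above; the port-25 behaviour table, the 30 second connect timeout and the sender function names are assumptions made for the simulation.

```python
"""Simulate how different senders walk the MX list of a domain that
publishes dummy (blackholed) MX hosts.  Added example, not code from the
original page.  Host names mirror the oc9.com zone; the port-25 behaviour
table and the 30 s timeout are constructed assumptions."""
import random

# The MX lines exactly as they appear in the zone above (constructed copy).
ZONE_MX_LINES = [
    "IN MX 1 mail1.oc9.com.",
    "IN MX 5 master.oc9.com.",
    "IN MX 6 slave2.oc9.com.",
    "IN MX 8 mail2.oc9.com.",
    "IN MX 10 mail3.oc9.com.",
]

# Assumed behaviour of port 25 on each host:
#   "drop"   - dummy host; SYNs are silently discarded, so connect() hangs
#   "accept" - real MTA; the SMTP banner comes back
PORT25 = {
    "mail1.oc9.com.": "drop",
    "master.oc9.com.": "accept",
    "slave2.oc9.com.": "accept",
    "mail2.oc9.com.": "drop",
    "mail3.oc9.com.": "drop",
}

CONNECT_TIMEOUT = 30  # assumed seconds a sender waits on a silent host


def parse_mx(zone_lines):
    """Return [(preference, host), ...] from 'IN MX <pref> <host>' lines."""
    records = []
    for line in zone_lines:
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "IN" and f[1].upper() == "MX":
            records.append((int(f[2]), f[3]))
    return records


def mx_order(records, rng=None):
    """Order hosts as RFC 5321 section 5.1 requires: ascending preference
    value, with hosts that share a preference tried in random order."""
    if rng is None:
        rng = random.Random(0)
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    ordered = []
    for pref in sorted(by_pref):
        hosts = list(by_pref[pref])
        rng.shuffle(hosts)
        ordered.extend(hosts)
    return ordered


def try_connect(host):
    """Simulated TCP connect to port 25: ('accepted', 0) or ('timeout', wait)."""
    if PORT25.get(host) == "accept":
        return "accepted", 0
    return "timeout", CONNECT_TIMEOUT


def deliver(hosts):
    """Walk the given host list until one accepts; report what happened."""
    attempts, waited = [], 0
    for host in hosts:
        outcome, wait = try_connect(host)
        attempts.append((host, outcome))
        waited += wait
        if outcome == "accepted":
            return {"delivered_to": host, "attempts": attempts, "waited": waited}
    return {"delivered_to": None, "attempts": attempts, "waited": waited}


# The three sender behaviours described in the article.
def compliant_mta(records):
    """A real MTA: every MX, in preference order, until one accepts."""
    return deliver(mx_order(records))


def first_only_bot(records):
    """Sloppy spambot: tries only the most-preferred MX, then gives up."""
    return deliver(mx_order(records)[:1])


def reverse_bot(records):
    """Spambot that aims at the 'backup' MX and then falls back to the first."""
    order = mx_order(records)
    return deliver([order[-1], order[0]])


if __name__ == "__main__":
    recs = parse_mx(ZONE_MX_LINES)
    for sender in (compliant_mta, first_only_bot, reverse_bot):
        r = sender(recs)
        print(f"{sender.__name__:15s} -> {r['delivered_to']}  "
              f"after {len(r['attempts'])} attempt(s), {r['waited']} s waiting")
```

Only the compliant MTA gets the mail through, and it does so on its second attempt after waiting out the timeout on mail1.oc9.com; both spambot strategies exhaust their short list on dummy hosts. The live counterpart of `try_connect` is `nc -z -w 5 mail1.oc9.com 25`: against a correctly blackholed dummy host it should time out silently rather than report a refused connection, because a refusal (TCP reset) would let the sloppy senders fail over instantly too.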

Last updated (Saturday, 15 December 2007 20:03)