Hi all, I have got postfix running on SuSE 9.1 but have some problems. It runs as a backup MX for a sendmail server running on Redhat 9.

I am having a spam-related problem, but I don't know where to begin... Whenever I enable postfix so that it is accepting external connections, spam levels rise. Where for example the backup MX runs on a host called mail.my.net, I am getting spam in the form of subject@mail.my.net.

What amazes me is that NOWHERE (to my knowledge) is the hostname mail.my.net listed on the net - the sole purpose of this host is (at present) backup MX.

So my question is, how are spammers sending mail to domains for which this is backup MX and making the sender's address appear to have come directly from the mail host?

Confused!

Whitey.
On Monday 15 November 2004 20:22, Neil White wrote:
> Hi all, I have got postfix running on SuSE 9.1 but have some problems. It runs as a backup MX for a sendmail server running on Redhat 9.
>
> I am having a spam-related problem, but I don't know where to begin... Whenever I enable postfix so that it is accepting external connections, spam levels rise. Where for example the backup MX runs on a host called mail.my.net, I am getting spam in the form of subject@mail.my.net.
>
> What amazes me is that NOWHERE (to my knowledge) is the hostname mail.my.net listed on the net - the sole purpose of this host is (at present) backup MX.
>
> So my question is, how are spammers sending mail to domains for which this is backup MX and making the sender's address appear to have come directly from the mail host?
If the sender doesn't qualify his address, that is to say he doesn't include the @foo.com part, postfix will by default add the local domain name on to it. (This, by the way, is why we sometimes see mail from someone@suse.com on this list when that person has nothing at all to do with SUSE; he/she just sent a mail with an unqualified sender and postfix at suse.com tacked on the @suse.com.)
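The rewrite Anders describes can be reproduced offline. The following is an added example written for this page, not postfix's own code: it models the two default sender rewrites documented for postfix (append_at_myorigin appends "@$myorigin" to an address with no "@"; append_dot_mydomain appends ".$mydomain" to a domain with no dot) and applies them under two constructed main.cf fragments that use the thread's placeholder names mail.my.net and my.net. With no myorigin line, postfix defaults myorigin to $myhostname, which is exactly what turns a bare "subject" into subject@mail.my.net on a backup MX host.

```python
import re

# Constructed main.cf fragments for the thread's placeholder names
# (mail.my.net / my.net); they are not taken from any real host.
# With no myorigin line, postfix defaults to myorigin = $myhostname.
WEAK_MAIN_CF = """\
myhostname = mail.my.net
mydomain = my.net
"""

# Same host, but unqualified senders now get the domain, not the hostname.
FIXED_MAIN_CF = """\
myhostname = mail.my.net
mydomain = my.net
myorigin = $mydomain
"""


def parse_main_cf(text):
    """Minimal reader for 'name = value' lines with '#' comments and
    $name / ${name} expansion. Continuation lines are not handled;
    this is enough for the handful of parameters used here."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip()] = value.strip()

    def expand(value, depth=0):
        if depth > 10:          # guard against a self-referential parameter
            return value
        return re.sub(r"\$\{?(\w+)\}?",
                      lambda m: expand(params.get(m.group(1), ""), depth + 1),
                      value)

    return {name: expand(value) for name, value in params.items()}


def _is_yes(cfg, name, default="yes"):
    return cfg.get(name, default).strip().lower() in ("yes", "true", "on", "1")


def qualify_sender(addr, cfg):
    """Model of the two rewrites postfix applies to an envelope sender by
    default: append '@$myorigin' when there is no '@' (append_at_myorigin)
    and append '.$mydomain' when the domain part has no dot
    (append_dot_mydomain). Illustrative, not postfix's implementation."""
    myhostname = cfg.get("myhostname", "localhost")
    mydomain = cfg.get("mydomain") or myhostname.split(".", 1)[-1]
    myorigin = cfg.get("myorigin") or myhostname   # postfix default

    if "@" in addr:
        local, domain = addr.rsplit("@", 1)
    elif _is_yes(cfg, "append_at_myorigin"):
        local, domain = addr, myorigin
    else:
        return addr                      # left unqualified
    if _is_yes(cfg, "append_dot_mydomain") and "." not in domain:
        domain = f"{domain}.{mydomain}"
    return f"{local}@{domain}"


if __name__ == "__main__":
    for label, text in (("myorigin unset", WEAK_MAIN_CF),
                        ("myorigin = $mydomain", FIXED_MAIN_CF)):
        cfg = parse_main_cf(text)
        for raw in ("subject", "user@box", "user@example.org"):
            print(f"{label:22} {raw:18} -> {qualify_sender(raw, cfg)}")
```

Running it shows "subject" becoming subject@mail.my.net under the first fragment and subject@my.net under the second; a fully qualified sender such as user@example.org is left alone either way. Note that rewriting only changes how an unqualified sender looks; it does not reject the message, so on a host that accepts external connections the decision about whether to accept such senders at all belongs in the SMTP restrictions, not here.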
Hi Neil,

On Mon, 15 Nov 2004 19:22:57 +0000 UTC (11/15/2004, 1:22 PM -0500 UTC my time), Neil White in part wrote:

N> I have got postfix running on SuSE 9.1 but have some problems.
N> It runs as a backup MX for a sendmail server running on Redhat 9.

okay

N> I am having a spam related problem, but I dont know where to begin...
N> Whenever I enable postfix so that it is accepting external connections,
N> spam levels rise.

N> Where for example the backup MX runs on a host called mail.my.net
N> I am getting spam in the form of subject@mail.my.net.

and why not... Since you did not give your real domain, I cannot check your DNS records. However, if your published DNS has both the primary listed and a secondary MX record pointing to "mail.my.net," you will receive spam when you open up postfix or any MTA. Spammers are quite sophisticated, and they will send mail to any MX record, sometimes even bypassing the primary, and going directly to the secondary MX.

N> What amazes me is that NOWHERE (to my knowlege) is the hostname
N> mail.my.net listed on the net - the solve purpose of this host is (at
N> present) backup MX.

Cannot help you unless you provide true info.

N> So my question is, how are spammers sending mail to domains for which
N> this is backup MX and making the senders address appear to have come
N> directly from the mail host ?

1. As above, if your secondary MX is published.

2. Your primary Redhat box re-routes mail to the secondary SUSE box which is a subdomain.

3. At some time, you used postfix to send mail from your secondary box, and it showed your email coming from your subdomain e.g. @mail.my.net (SUSE box) instead of rewriting it to @my.net. This was then harvested by spammers as a true address, hence you receive spam.

Bottom line, in today's times, you do not need a backup MX, IMO... period. Every modern MTA will keep mail in its sending queue (for the life of the queue, usually a week), and keep retrying if the receiving server is down.

-- Gary
> Hi Neil,
>
> On Mon, 15 Nov 2004 19:22:57 +0000 UTC (11/15/2004, 1:22 PM -0500 UTC my time), Neil White in part wrote:
>
> N> I have got postfix running on SuSE 9.1 but have some problems.
> N> It runs as a backup MX for a sendmail server running on Redhat 9.
>
> okay
>
> N> I am having a spam related problem, but I dont know where to begin...
> N> Whenever I enable postfix so that it is accepting external connections,
> N> spam levels rise.
>
> N> Where for example the backup MX runs on a host called mail.my.net
> N> I am getting spam in the form of subject@mail.my.net.
>
> and why not... Since you did not give your real domain, I cannot check your DNS records. However, if your published DNS has both the primary listed and a secondary MX record pointing to "mail.my.net," you will receive spam when you open up postfix or any MTA. Spammers are quite sophisticated, and they will send mail to any MX record, sometimes even bypassing the primary, and going directly to the secondary MX.
>
> N> What amazes me is that NOWHERE (to my knowlege) is the hostname
> N> mail.my.net listed on the net - the solve purpose of this host is (at
> N> present) backup MX.
>
> Cannot help you unless you provide true info.
I would love to, but my employers are paranoid so I can't, I'm afraid....
> N> So my question is, how are spammers sending mail to domains for which
> N> this is backup MX and making the senders address appear to have come
> N> directly from the mail host ?
>
> 1. As above, if your secondary MX is published.
>
> 2. Your primary Redhat box re-routes mail to the secondary SUSE box which is a subdomain.
>
> 3. At some time, you used postfix to send mail from your secondary box, and it showed your email coming from your subdomain e.g. @mail.my.net (SUSE box) instead of rewriting it to @my.net. This was then harvested by spammers as a true address, hence you receive spam.
>
> Bottom line, in today's times, you do not need a backup MX, IMO... period. Every modern MTA will keep mail in its sending queue (for the life of the queue, usually a week), and keep retrying if the receiving server is down.
This is interesting.... I can see where you are coming from, but why do so many other providers have backup MX? I am not trying to be argumentative or anything, but just wonder if you have any information backing this up? If backup MX is not needed, why does everyone still use it?

Thanks for all of your points... it's making more sense now (I'm learning still).

Whitey
Hi Neil, On Mon, 15 Nov 2004 21:32:32 +0000 UTC (11/15/2004, 3:32 PM -0500 UTC my time), Neil White in part wrote:
Cannot help you unless you provide true info.
N> I would love to, but my employers are paranoid so I can't, I'm afraid....

I understand... If you have DNS tools, you can use dig or some such to find all MX records published to the net, e.g. dig mx foo.com
Bottom line, in today's times, you do not need a backup MX, IMO... period. Every modern MTA will keep mail in its sending queue (for the life of the queue, usually a week), and keep retrying if the receiving server is down.
N> This is interesting....I can see where you are coming from, but why do
N> so many other providers have backup MX?

they really don't, very few do... let's take for example AOL... One of the largest email users and ISPs. What do they send, 20, 30, 50 million emails a day minimum? Probably receive as many, if not more per day. their records show:

; <<>> DiG 8.3 <<>> mx aol.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      aol.com, type = MX, class = IN
;; ANSWER SECTION:
aol.com.                1H IN MX        15 mailin-02.mx.aol.com.
aol.com.                1H IN MX        15 mailin-03.mx.aol.com.
aol.com.                1H IN MX        15 mailin-04.mx.aol.com.
aol.com.                1H IN MX        15 mailin-01.mx.aol.com.

As you can see, one of the world's largest ISPs does not use backup MX. All have the same time value on MX; there are no backup MXs. What you are seeing are 4 scalable mail server stations at different locations which are dividing the workload (in- and outbound SMTP) after load balancing or round-robin. Of course, they may be subdivided internally, but externally on the net, these are their MX addresses.

N> I am not trying to be argumentative or anything, but just wonder if
N> you have any information backing this up?

As the above example. It is all published on the net, just pick any ISP, or large organization and "dig" the DNS info. I am sure you can search google on why backup MX is not needed.

N> If backup MX is not needed, why does everyone still use it ?

everyone does not use it <g> It is *not* necessary... Some have it published, but do not use it except for special circumstances, or use it to only forward email from other authorized IP addresses, and reject all others, etc.. so they do not use it truly as a backup MX. This can be used for several purposes, least of which is a backup MX.

N> Thanks for all of your points... its making more sense now

you are welcome...
N> (Im learning still) hee, hee... aren't we all... That's what makes life interesting. -- Gary
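Gary's advice to "dig mx foo.com" and his aol.com listing can be turned into a repeatable check. The script below is an added example for this page, not something from the thread: it parses dig's answer section, groups hosts by MX preference (the "15" in each aol.com record; the "1H" column is the TTL, and a backup MX is simply a host published with a higher preference number than the primary), and reports whether a given hostname is exposed as a primary, as a backup, or not at all. The aol.com lines are the ones quoted above; the my.net zone is constructed for the thread's placeholder names and is not real DNS data.

```python
import re
import sys
from collections import defaultdict

# Constructed sample: the `dig mx aol.com` output quoted in the thread
# (2004-era data, embedded so the script runs offline).
DIG_AOL = """\
; <<>> DiG 8.3 <<>> mx aol.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      aol.com, type = MX, class = IN
;; ANSWER SECTION:
aol.com.                1H IN MX        15 mailin-02.mx.aol.com.
aol.com.                1H IN MX        15 mailin-03.mx.aol.com.
aol.com.                1H IN MX        15 mailin-04.mx.aol.com.
aol.com.                1H IN MX        15 mailin-01.mx.aol.com.
"""

# Constructed sample for the thread's placeholder domain: a primary MX and
# mail.my.net published as a lower-priority (backup) MX. Not real DNS data.
DIG_MYNET = """\
;; ANSWER SECTION:
my.net.                 3600 IN MX      10 smtp.my.net.
my.net.                 3600 IN MX      20 mail.my.net.
"""

# One MX answer line: <zone> <ttl> IN MX <preference> <host>
MX_LINE = re.compile(
    r"^(?P<zone>\S+)\s+(?P<ttl>\S+)\s+IN\s+MX\s+(?P<pref>\d+)\s+(?P<host>\S+)$",
    re.IGNORECASE,
)


def parse_mx(dig_output):
    """Return sorted (preference, host) pairs; ';' lines are dig comments."""
    records = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = MX_LINE.match(line)
        if m:
            host = m.group("host").rstrip(".").lower()
            records.append((int(m.group("pref")), host))
    return sorted(records)


def classify_mx(records):
    """Lowest preference number wins: those hosts are the primaries, anything
    with a higher number is a backup that senders (and spammers) may use."""
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    prefs = sorted(by_pref)
    if not prefs:
        return {"primary": [], "backup": [], "has_backup": False}
    return {
        "primary": sorted(by_pref[prefs[0]]),
        "backup": [h for p in prefs[1:] for h in sorted(by_pref[p])],
        "has_backup": len(prefs) > 1,
    }


def mx_exposure(dig_output, hostname):
    """'primary', 'backup' or None: how hostname is published for the zone."""
    report = classify_mx(parse_mx(dig_output))
    h = hostname.rstrip(".").lower()
    if h in report["primary"]:
        return "primary"
    if h in report["backup"]:
        return "backup"
    return None


if __name__ == "__main__":
    # Pipe real output in: dig mx your.domain | python3 mxcheck.py mail.your.domain
    text = sys.stdin.read() if not sys.stdin.isatty() else DIG_MYNET
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.my.net"
    print(classify_mx(parse_mx(text)))
    print(f"{target}: {mx_exposure(text, target)}")
```

On the aol.com data every host shares preference 15, so classify_mx reports no backup: that is the load-sharing layout Gary describes. On the constructed my.net zone the same code reports mail.my.net as a backup, which is all a spammer needs in order to find the host, whether or not it is mentioned anywhere else on the net.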
participants (4)
- Anders Johansson
- Gary
- Gary
- Neil White