funsec mailing list archives
fyi-- Ken A: negative caching of throwaway spam domains
From: Paul Vixie <paul () vix com>
Date: Wed, 21 Jun 2006 17:48:30 +0000
--- Begin Message --- From: Ken A <ka () pacific net>
Date: Wed, 21 Jun 2006 09:51:15 -0700
Hi, We have 3 spam filtering machines that each run a bind caching nameserver to help with rbl lookups, etc.. After mail passes through these machines it goes to our mail hub. Every so often, a spam from a throwaway spam domain will get through the spam filtering machines to the mailserver hub. The caching nameserver on the spam filtering machine will be able to lookup the sender's hostname, so sendmail accepts it. But, sendmail, on the mailserver hub will bounce it back to the spam filtering machine with an error.. 'Domain of sender address jthlhiyue () halosalbum com does not exist'. (that one is from this am.. registered yesterday by a spammer). The question is, is there something I can do to, other than telling the mail filter machines to all use the same instance of bind to avoid this happening? Also, a bit off topic, but it occurs to me that this kind of information is useful in spam fighting. Are there any rbls out there that list all domains registered in the last 48 hrs? Thanks for any ideas! Ken A Pacific.Net
--- End Message ---
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- fyi-- Ken A: negative caching of throwaway spam domains Paul Vixie (Jun 21)