Mailing List CGatePro@mail.stalker.com Message #92562
From: Mike Cardwell <communigatepro@lists.grepular.com>
Subject: Re: Spammers bypassing Appliance!
Date: Tue, 11 Sep 2007 15:51:24 +0100
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
Reece Webb wrote:

We've run into a problem which is only getting worse; spammers are bypassing our spam appliance, which sits in front of our CGP server. The only MX Record for our domain points to the appliance, so I'm guessing that these spammers are not performing MX lookups.

Is this the server in question? ...

mike@clayman:~$ telnet gse.harvard.edu 25
Trying 128.103.178.24...
Connected to gse.harvard.edu.
Escape character is '^]'.
220 gse.harvard.edu ESMTP CommuniGate Pro 4.3.11
quit
221 gse.harvard.edu CommuniGate Pro SMTP closing connection

It's very common for spammers to connect to the A record, as well as, or instead of, connecting to the MX servers.

Dave Pooser's solution re blacklisting the entire Internet other than your MX servers seems the most sensible solution, because authenticated users are still allowed through.

Mike
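
The acceptance rule described in the message above (accept SMTP only from the MX appliance or from authenticated users), as an added example that is not part of the original message and is not CommuniGate Pro configuration. The appliance range, field names and sample sessions are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the spam appliance (the only MX) relays from this range.
# 192.0.2.0/24 is a documentation range, not a real deployment.
MX_APPLIANCE_NETS = [ipaddress.ip_network("192.0.2.16/29")]

def normalize(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so a
    dual-stack listener cannot make an appliance relay look foreign."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped if mapped is not None else ip

def decide(conn):
    """Return (action, reason) for one inbound SMTP session on the backend."""
    src = normalize(conn["src"])
    if any(src in net for net in MX_APPLIANCE_NETS):
        return ("accept", "relayed by MX appliance")
    if conn.get("authenticated", False):
        return ("accept", "authenticated user")
    return ("reject", "direct connection that skipped the MX")

def bypass_sources(conns):
    """Count rejected sessions per source address for reporting."""
    return Counter(str(normalize(c["src"])) for c in conns
                   if decide(c)[0] == "reject")

# Constructed sample sessions (not real traffic).
SAMPLE = [
    {"src": "192.0.2.18", "authenticated": False},
    {"src": "::ffff:192.0.2.20", "authenticated": False},
    {"src": "198.51.100.77", "authenticated": True},
    {"src": "203.0.113.5", "authenticated": False},
    {"src": "203.0.113.5", "authenticated": False},
    {"src": "2001:db8::25", "authenticated": False},
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c["src"], *decide(c))
    print(dict(bypass_sources(SAMPLE)))
```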