
Gyp the Cat dot Com

Computers

Spammers Ignore MX Records

We recently changed our SMTP mail routing via our MX records to point to a hosted email service, after running our own in-house email filtering for the last few years.

We changed the MX records, updated the rules on our firewall to route mail from our email service provider's servers to our own Exchange servers, and after the usual 48 hours for the DNS change to propagate we signed it off as a completed project.

Six months later we came to investigate a mail routing issue, and on checking the firewall logs we were still seeing traffic hitting the IP address of our old MX records, hosted in our DMZ, directly. Strange, we thought, so we plugged in Postfix to talk SMTP on this IP address just to see what was happening.

Funnily enough, all the email that was coming through was blocked by RBLs, so we can say that a change in MX records will not necessarily protect you from spammers who try to use old SMTP and MX details to push their email to you. This is why a DMZ and a proper, granular firewall policy are so very worthwhile. So don't trust MX records to protect your Exchange or other MDA environment from junk mail.
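The practical check behind the post is simple: once the MX has moved, nothing legitimate should still be opening port 25 to the old address, so every connection that does is worth a look, and the RBL verdict tells you whether it is a stale cache or a sender that never read the MX at all. The script below is an added example, not code from the original post; it assumes a retired MX address of 203.0.113.25 (a constructed value in the documentation range), a constructed firewall log format, and a constructed stand-in for a DNSBL zone so that it runs offline. Against a real zone you would replace `fake_resolve` with a DNS lookup of the query name that `dnsbl_query_name` builds.

```python
"""Detecting direct-to-IP SMTP delivery attempts against a retired MX host.

Added example, not part of the original post. The retired MX address, the
log format and the DNSBL answers are all constructed so the script runs
offline; the DNSBL lookup takes an injectable resolver for that reason.
"""
from collections import Counter
import ipaddress
import re

# Constructed: the IP of the old in-house MX host in the DMZ (TEST-NET-3 range).
RETIRED_MX_IP = "203.0.113.25"

# Constructed firewall log format:
#   <timestamp> <ACCEPT|DROP> proto=tcp src=<ip> dst=<ip> dport=<port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ACCEPT|DROP)\s+proto=tcp\s+"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)$"
)

# Constructed sample log: two sources still talk SMTP to the retired MX,
# one line is unrelated HTTPS traffic, and one line is deliberately malformed.
SAMPLE_LOG = """\
2010-10-08T09:00:01Z ACCEPT proto=tcp src=198.51.100.7 dst=203.0.113.25 dport=25
2010-10-08T09:00:05Z ACCEPT proto=tcp src=198.51.100.7 dst=203.0.113.25 dport=25
2010-10-08T09:01:10Z DROP proto=tcp src=192.0.2.44 dst=203.0.113.25 dport=25
2010-10-08T09:02:00Z ACCEPT proto=tcp src=192.0.2.99 dst=203.0.113.80 dport=443
2010-10-08T09:03:33Z ACCEPT proto=tcp src=192.0.2.44 dst=203.0.113.25 dport=25
malformed line that should be skipped
"""


def parse_log(text):
    """Yield a dict per well-formed line; skip anything that does not match."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            yield rec


def direct_to_retired_mx(text, retired_ip=RETIRED_MX_IP, smtp_port=25):
    """Count SMTP connection attempts per source IP that target the retired MX.

    Both ACCEPT and DROP lines count: the point is who is still trying,
    not whether the firewall let them through.
    """
    hits = Counter()
    for rec in parse_log(text):
        if rec["dst"] == retired_ip and rec["dport"] == smtp_port:
            hits[rec["src"]] += 1
    return hits


def dnsbl_query_name(ip, zone):
    """Build a DNSBL query name: the IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a bad address
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def check_dnsbl(ip, zone, resolve):
    """Return True if the DNSBL lists the IP.

    `resolve` maps a query name to an answer address or None. By DNSBL
    convention any answer inside 127.0.0.0/8 means "listed".
    """
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")


# Constructed offline stand-in for a DNSBL zone: only 198.51.100.7 is listed.
FAKE_DNSBL_ZONE = "dnsbl.example"
FAKE_DNSBL_ANSWERS = {"7.100.51.198.dnsbl.example": "127.0.0.2"}


def fake_resolve(name):
    """Stand-in resolver for the constructed zone above."""
    return FAKE_DNSBL_ANSWERS.get(name)


def report(text, zone=FAKE_DNSBL_ZONE, resolve=fake_resolve):
    """Return [(source_ip, attempts, dnsbl_listed)] sorted by attempts, then IP."""
    hits = direct_to_retired_mx(text)
    rows = ((src, n, check_dnsbl(src, zone, resolve)) for src, n in hits.items())
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for src, n, listed in report(SAMPLE_LOG):
        print(f"{src:16} attempts={n:3} dnsbl_listed={listed}")
```

A source that keeps hitting the old address and is on an RBL is exactly the traffic the post describes; a source that is not listed deserves a second look before you assume it is junk, since it may be a partner whose relay has the old IP pinned in a smarthost setting rather than a spammer.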


Written by gyp - October 8, 2010 - 2354 Views
Tags | internet, smtp


2 Comments

  • bob July 24, 2014 at 11:26 pm

    4 years later, I noticed this behavior too.

    I moved to another server but kept the old one going “just in case”. MX records were changed and all seemed well.

    For reading purposes, I prefer Gmail’s interface. On the old server, I was using aliases to push mail to my Gmail account. (I’ve switched to using Gmail’s Mail Fetcher to pull mail from the new server.)

    I was having a hard time figuring out why heaps of spam were showing up in Gmail.

    Like you say, the spammers were using the old server. To address the problem, I just deleted every account. There’s still a server at that IP address but it won’t actually accept mail anymore. This way, I figure the spammers won’t know to look up the new MX. 🙂

    • gyp July 25, 2014 at 9:31 am

      Hi Bob,

      Glad to see spammers don’t change their tactics, gives us an easy way to catch them!

      Thanks for commenting and sounds like you’ve fixed it, well done 🙂

      Gyp


    Some rights retained Gyp the Cat Dot Com