Message-ID: <23452361f18e06fccb64293d30f1b6eb.squirrel@webmail.harte-lyne.ca>
Date: Thu, 12 Jan 2017 13:14:09 -0500
Subject: Re: spamassassin not lethal anymore
From: "James B. Byrne"
To: freebsd-questions@freebsd.org
Reply-To: byrnejb@harte-lyne.ca

On Wed, January 11, 2017 20:34, Russell L. Carter wrote:
> On 01/11/17 17:24, Kurt Buff wrote:
>> Snippety snip...
>>
>> A secondary MX that refuses mail when the primary is up and running
>> foils one of the favorite tactics of spammers - they will often target
>> the secondary MX because those are often not as up to date with
>> anti-spam measures. Most spambots try one MX, one time only.
>>
>> Many spambots will try that secondary MX, get refused with a 4xx
>> error, and not bother to try the primary MX at all.
>>
>> It can be a big win, in the right situation.
>
> Ah. Awesome. How do I do that?
>

If you have control over your forward zone DNS then you can simply
create a bogus MX record with a lower priority (higher number) than
any of your real MX records.

example.com.    172800  IN  MX  30  mx30host.example.com.
example.com.    172800  IN  MX  50  mx50host.example.com.
example.com.    172800  IN  MX  70  mx70host.example.com.
example.com.    172800  IN  MX  90  mx90host.example.com.

;# mx90host.example.com. is not real - no listener at this address.
mx90host.example.com.   IN  A   192.168.0.90

There is nothing listening at 192.168.0.90 on port 25 so the spammer
generally just goes away.

If you wish to get fancy then you can honey-pot the source address
instead. The assigned address could be your own or be one of the
public junk mail submission addresses a la project honeypot. Just
make sure to clear this redirection with the intended recipient before
doing so.

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
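
The effect of the decoy MX in the zone above can be checked offline. This is an added example, not code from the message or the list: it parses the zone as posted and models a standards-following sender against the one-MX, one-try sender described in the thread. The LISTENING set and all function names are assumptions constructed for the illustration.

```python
# Zone text copied from the message above.
ZONE = """\
example.com. 172800 IN MX 30 mx30host.example.com.
example.com. 172800 IN MX 50 mx50host.example.com.
example.com. 172800 IN MX 70 mx70host.example.com.
example.com. 172800 IN MX 90 mx90host.example.com.
;# mx90host.example.com. is not real - no listener at this address.
mx90host.example.com. IN A 192.168.0.90
"""

# Assumption (constructed): the hosts that really accept SMTP on port 25.
LISTENING = {"mx30host.example.com.", "mx50host.example.com.",
             "mx70host.example.com."}

def parse_mx(zone_text, domain):
    """Return [(preference, host)] for domain, lowest number (most preferred) first."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop zone-file comments
        if "MX" not in fields or fields[0] != domain:
            continue
        i = fields.index("MX")
        records.append((int(fields[i + 1]), fields[i + 2]))
    return sorted(records)

def compliant_sender(mx_records, listening):
    """Standards-following MTA: walk the MX list in preference order until one accepts."""
    for _, host in mx_records:
        if host in listening:
            return host
    return None  # every MX failed; a real MTA would queue and retry later

def one_shot_sender(mx_records, listening):
    """Sender from the thread: targets the highest-numbered MX once, never retries."""
    _, host = mx_records[-1]
    return host if host in listening else None

def audit(mx_records, listening):
    """Sanity checks for the setup: decoy is last and silent, a real MX listens."""
    problems = []
    decoy = mx_records[-1][1]
    if decoy in listening:
        problems.append(f"{decoy} accepts mail, so it is not a decoy")
    if not any(host in listening for _, host in mx_records[:-1]):
        problems.append("no real MX is listening; legitimate mail would be deferred")
    return problems

if __name__ == "__main__":
    mx = parse_mx(ZONE, "example.com.")
    print("compliant sender delivers to:", compliant_sender(mx, LISTENING))
    print("one-shot sender delivers to: ", one_shot_sender(mx, LISTENING))
    print("audit findings:", audit(mx, LISTENING) or "none")
```

The audit step matters in practice: if every real MX is down, compliant senders reach only the silent decoy and mail is deferred until a real host returns.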