Apparently there is a new spam mailer out there that attacks by hitting
your lowest precedence (highest numbered) MX host first.  Since this
machine is usually off site as part of a robust contingency plan for
mail delivery, it is nearly impossible to filter using sendmail, or
so I am told.  The From: line is usually blank and the envelope From
is either blank or from MAILER-DAEMON.

Since the low-precedence MX hosts are not usually under the control of
the site's postmaster, it's difficult to set up blocking.

Just a heads up.  I can forward the original alert I got from a
co-worker if anyone is sufficiently interested.

I thought of a fix, but it can have potentially far reaching results.
I was thinking that perhaps we should all set our lowest-priority MX
records to 127.0.0.1 or an unqualified "localhost".  THAT would
give the spammers something to choke on. :-)

[the loopback idea is only half serious, the rest is no joke.]

If this is the wrong list, please continue the discussion on the
RIGHT one.  I'm sorry to have wasted any unnecessary bandwidth.
The person in question scrapped sendmail and started using Exim
as a MTA.  Any comments?



				--*greywolf;
--
# greywolf@starwolf.com
# "...to raise a signal means to turn the light on; ... Responding to a
#  signal means turning the light off (and, under System V, hoping the bulb
#  won't blow when it's next turned on)..." -- Dan Bernstein