[NTLUG:Discuss] I need some advice, quick

Wayne Walker wwalker at bybent.com
Mon Dec 25 13:07:32 CST 2006 

I came into this late so you may have made changes before what I now
see.

It is a bad idea to point an MX record at an IP.  Some places won't
email to it and others won't accept mail from it.   I'd at least add an
A record for magnolia.lsimmons.net and point the MX record to
magnolia.lsimmons.net instead of the IP.



On Wed, Dec 20, 2006 at 08:50:09PM -0600, Lance Simmons wrote:
> I've been running a mail server at home for about 5 years.  Nothing
> fancy, and I only have a couple of accounts (wife and kids old enough
> to use email), and everything seemed to be fine.  I thought I had the
> spam problem under control, using spamassassin and bogofilter, but in
> the past 3 or 4 months, the spam was getting way out of control.
> 
> I was swimming in spam (every day I had to hand delete hundreds, even
> though my spamassassin and bogofilter were catching many more
> hundreds), and I didn't have time to devote to the problem.  So I
> tried something that seemed reasonable: I changed my .forward file to
> direct mail to my gmail account (because gmail does good spam
> filtering), instead of to procmail (which sent the mail to
> spamassassin and bogofilter).  It seemed like a good idea.
> 
> The first thing I noticed was that about 90% of the spam my exim4 mail
> server was forwarding to my gmail account was not showing up in the
> gmail spam box.  I guess it was so obviously spam there was no need to
> show it to me.  Fine.
> 
> But then I noticed that within a few days, I started not getting
> emails from people.  Lots of people told me that they were sending me
> email and I wasn't getting it.  I started to get concerned.  It got so
> bad that I stopped the experiment, and changed my .forward file back
> to the old  "|/usr/bin/procmail".  But things didn't get better. And
> now, I see that my domain (lsimmons.net) no longer has DNS records.
> 
> Is it possible that by forwarding so much spam to gmail, my mail
> server got targetted as a compromised machine?  Could there be some
> other way of finding out why DNS lookups don't work for me?
> 
> I guess I have two questions:
> 
> 1: How do I find out why DNS lookups aren't working for me any more?
> (I've checked with my registrar (joker.com) and with my nameserver
> (zoneedit.com), and things seem normal.
> 
> 2.  Was it a bad idea (maybe a really bad idea) to bounce my incoming,
> spam-riddled mail to my gmail account?
> 
> I know this isn't directly Linux-related, but wasn't sure who else to
> ask, and I'm feeling some urgency here.
> 
> -- 
> Lance Simmons
> 
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss

-- 

Wayne Walker

www.unwiredbuyer.com - when you just can't be by the computer

wwalker at bybent.com                    Do you use Linux?!
http://www.bybent.com                 Get Counted!  http://counter.li.org/
Perl - http://www.perl.org/           Perl User Groups - http://www.pm.org/
Jabber:  wwalker at jabber.gnumber.com   AIM:     lwwalkerbybent
IRC:     wwalker on freenode.net

More information about the Discuss mailing list