[NTLUG:Discuss] I need some advice, quick
Wayne Walker
wwalker at bybent.com
Mon Dec 25 13:07:32 CST 2006
I came into this late so you may have made changes before what I now
see.
It is a bad idea to point an MX record at an IP. Some places won't
email to it and others won't accept mail from it. I'd at least add an
A record for magnolia.lsimmons.net and point the MX record to
magnolia.lsimmons.net instead of the IP.
On Wed, Dec 20, 2006 at 08:50:09PM -0600, Lance Simmons wrote:
> I've been running a mail server at home for about 5 years. Nothing
> fancy, and I only have a couple of accounts (wife and kids old enough
> to use email), and everything seemed to be fine. I thought I had the
> spam problem under control, using spamassassin and bogofilter, but in
> the past 3 or 4 months, the spam was getting way out of control.
>
> I was swimming in spam (every day I had to hand delete hundreds, even
> though my spamassassin and bogofilter were catching many more
> hundreds), and I didn't have time to devote to the problem. So I
> tried something that seemed reasonable: I changed my .forward file to
> direct mail to my gmail account (because gmail does good spam
> filtering), instead of to procmail (which sent the mail to
> spamassassin and bogofilter). It seemed like a good idea.
>
> The first thing I noticed was that about 90% of the spam my exim4 mail
> server was forwarding to my gmail account was not showing up in the
> gmail spam box. I guess it was so obviously spam there was no need to
> show it to me. Fine.
>
> But then I noticed that within a few days, I started not getting
> emails from people. Lots of people told me that they were sending me
> email and I wasn't getting it. I started to get concerned. It got so
> bad that I stopped the experiment, and changed my .forward file back
> to the old "|/usr/bin/procmail". But things didn't get better. And
> now, I see that my domain (lsimmons.net) no longer has DNS records.
>
> Is it possible that by forwarding so much spam to gmail, my mail
> server got targeted as a compromised machine? Could there be some
> other way of finding out why DNS lookups don't work for me?
>
> I guess I have two questions:
>
> 1: How do I find out why DNS lookups aren't working for me any more?
> (I've checked with my registrar (joker.com) and with my nameserver
> (zoneedit.com), and things seem normal.)
>
> 2. Was it a bad idea (maybe a really bad idea) to bounce my incoming,
> spam-riddled mail to my gmail account?
>
> I know this isn't directly Linux-related, but wasn't sure who else to
> ask, and I'm feeling some urgency here.
>
> --
> Lance Simmons
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
--
Wayne Walker
www.unwiredbuyer.com - when you just can't be by the computer
wwalker at bybent.com Do you use Linux?!
http://www.bybent.com Get Counted! http://counter.li.org/
Perl - http://www.perl.org/ Perl User Groups - http://www.pm.org/
Jabber: wwalker at jabber.gnumber.com AIM: lwwalkerbybent
IRC: wwalker on freenode.net
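
The check behind the advice above, as an added example that is not part of the original thread: it flags an MX record whose target is an IP address, or a hostname with no A/AAAA record in the same zone data. The zone lines are constructed samples in an assumed "name IN type rdata" layout (no TTL column), and the address is from the 192.0.2.0/24 documentation range, not the poster's real IP.

```python
import ipaddress

# Constructed sample zone data; only the two hostnames come from the thread.
BROKEN_ZONE = """\
lsimmons.net.           IN MX 10 192.0.2.25   ; MX aimed at a bare IP
"""
FIXED_ZONE = """\
lsimmons.net.           IN MX 10 magnolia.lsimmons.net.
magnolia.lsimmons.net.  IN A  192.0.2.25
"""

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def parse_zone(text):
    """Parse 'name IN type rdata...' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments
        if len(fields) >= 4:
            records.append((norm(fields[0]), fields[2].upper(), fields[3:]))
    return records

def is_ip_literal(target):
    """True if the MX target is an IPv4/IPv6 address instead of a hostname."""
    try:
        ipaddress.ip_address(target.rstrip("."))
        return True
    except ValueError:
        return False

def check_mx(text):
    """Return (owner, target, reason) for every problematic MX record."""
    records = parse_zone(text)
    addressed = {name for name, rtype, _ in records if rtype in ("A", "AAAA")}
    problems = []
    for name, rtype, rdata in records:
        if rtype != "MX" or len(rdata) < 2:
            continue
        target = rdata[1]  # rdata[0] is the preference value
        if is_ip_literal(target):
            problems.append((name, target, "ip-literal"))
        elif norm(target) not in addressed:
            # Only meaningful when the target lives in this same zone.
            problems.append((name, target, "no-address-record"))
    return problems

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, check_mx(zone))
```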