[NTLUG:Discuss] DNS failures tied to spam problem? (Was: Re: I need some advice, quick)
Lance Simmons
simmons.lance at gmail.com
Wed Dec 20 20:54:42 CST 2006
I've added a descriptive subject line.
On 12/20/06, Lance Simmons <simmons.lance at gmail.com> wrote:
> I've been running a mail server at home for about 5 years. Nothing
> fancy, and I only have a couple of accounts (wife and kids old enough
> to use email), and everything seemed to be fine. I thought I had the
> spam problem under control, using spamassassin and bogofilter, but in
> the past 3 or 4 months, the spam was getting way out of control.
>
> I was swimming in spam (every day I had to hand-delete hundreds, even
> though my spamassassin and bogofilter were catching many more
> hundreds), and I didn't have time to devote to the problem. So I
> tried something that seemed reasonable: I changed my .forward file to
> direct mail to my gmail account (because gmail does good spam
> filtering), instead of to procmail (which sent the mail to
> spamassassin and bogofilter). It seemed like a good idea.
>
> The first thing I noticed was that about 90% of the spam my exim4 mail
> server was forwarding to my gmail account was not showing up in the
> gmail spam box. I guess it was so obviously spam there was no need to
> show it to me. Fine.
>
> But then I noticed that within a few days, I started not getting
> emails from people. Lots of people told me that they were sending me
> email and I wasn't getting it. I started to get concerned. It got so
> bad that I stopped the experiment, and changed my .forward file back
> to the old "|/usr/bin/procmail". But things didn't get better. And
> now, I see that my domain (lsimmons.net) no longer has DNS records.
>
> Is it possible that by forwarding so much spam to gmail, my mail
> server got targeted as a compromised machine? Could there be some
> other way of finding out why DNS lookups don't work for me?
>
> I guess I have two questions:
>
> 1. How do I find out why DNS lookups aren't working for me any more?
> (I've checked with my registrar (joker.com) and with my nameserver
> (zoneedit.com), and things seem normal.)
>
> 2. Was it a bad idea (maybe a really bad idea) to bounce my incoming,
> spam-riddled mail to my gmail account?
>
> I know this isn't directly Linux-related, but wasn't sure who else to
> ask, and I'm feeling some urgency here.
>
> --
> Lance Simmons
>