Re: Excess SMTP traffic to non-mail host

From: dr john halewood (
Date: 03/27/02

From: dr john halewood <>
To: "Basil Hussain" <>, <>
Date: Wed, 27 Mar 2002 16:41:06 +0000

On Wednesday 27 March 2002 12:10 pm, Basil Hussain wrote:
> Hi,
> I have recently noticed a rather worrying trend appearing in the logs from
> our firewall here. Over the past fortnight or so, there has been a fairly
> steady increase in the amount of port 25 (SMTP) connection attempts to a
> host which isn't (and never has been) a mail host. This host only serves a
> web site, the domain's e-mail being served by another host on a different
> IP address.
> Has anyone any clues what's going on here? Misconfigured remote mail hosts?
> Missing MX records somewhere out there? DDoS against mail hosts?

Probably you're getting hit by idiotic spamming software. I've seen this many
times where you have DNS entries like IN A IN A IN MX IN A

Stupid mail programs often ignore the MX record ( for email and
use's IP address instead. The geographical pattern you report also
suggests it's bad spambots as well ;-)
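
The behaviour described in the reply above, as an added example that is not part of the original message: a sender that follows the standard delivers to the MX host and falls back to the domain's A record only when no MX exists, so port 25 attempts against the A-record address of a domain that publishes an MX point to software that skips the MX lookup. The zone data, the firewall log format and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed zone data (RFC 2606/5737 example names and addresses).
ZONE = {
    "A": {"example.com": ["192.0.2.10"], "www.example.com": ["192.0.2.10"],
          "mail.example.com": ["192.0.2.25"]},
    "MX": {"example.com": [(10, "mail.example.com")]},
}

# Constructed firewall log lines; the format is an assumption.
LOG = """\
2002-03-27T12:01:07 DENY TCP 198.51.100.7:40112 -> 192.0.2.10:25
2002-03-27T12:01:09 ALLOW TCP 203.0.113.5:51200 -> 192.0.2.25:25
2002-03-27T12:02:30 DENY TCP 198.51.100.7:40177 -> 192.0.2.10:25
2002-03-27T12:03:02 ALLOW TCP 203.0.113.9:33010 -> 192.0.2.10:80
2002-03-27T12:04:45 DENY TCP 198.51.100.44:2901 -> 192.0.2.10:25
2002-03-27T12:05:00 DENY TCP 203.0.113.77:4100 -> 192.0.2.99:25
"""

LINE = re.compile(r"^(\S+) (\w+) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def delivery_targets(zone, domain):
    """IPs a standards-following sender may use: MX hosts in preference order,
    falling back to the domain's own A record only when no MX exists."""
    mx = sorted(zone["MX"].get(domain, []))
    hosts = [h for _, h in mx] if mx else [domain]
    return [ip for h in hosts for ip in zone["A"].get(h, [])]

def mx_ignoring_sources(log, zone, domain):
    """Count port-25 attempts per source that hit the domain's A record
    even though that address is not a valid delivery target."""
    valid = set(delivery_targets(zone, domain))
    a_only = set(zone["A"].get(domain, [])) - valid
    hits = Counter()
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group(5) == "25" and m.group(4) in a_only:
            hits[m.group(3)] += 1
    return hits

if __name__ == "__main__":
    for src, n in mx_ignoring_sources(LOG, ZONE, "example.com").most_common():
        print(f"{src}\t{n} attempts to the A record instead of the MX")
```
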

