Channel: Sysadmin

Domain records, email, and spam

The background

So the primary domain name for my company, a three-character .com address at that, almost expired yesterday.

For political reasons (and maybe a bit of timidity on my part), these are under someone's personal Network Solutions account rather than a company account.

The first clue I got was a user coming to me about not receiving an email from a vendor, after having confirmed over the phone that the vendor sent it multiple times.

I went to investigate by doing a tail -f maillog and watching some mail flow in, then sending test messages from external email accounts. None of it was getting through.

This was because of the domain name almost expiring and Network Solutions turning off our MX records. I am assuming this is what happened - I didn't think to check the MX record until afterwards, and without access to the account and no direct contact with the account holder, the only way I can think of to check this is to have someone else forward their undeliverable bounce to us so I can see the code.

The part that was bugging me about this theory is why, if our MX was turned off, were we still getting email at all?

Then I looked a bit closer at what email we were getting and realized that all of it was spam.

The Observations/Questions

1 - Check the MX record whenever you suspect there is a mail routing problem between mail servers. Yeah, I'm a Postfix/SMTP n00b.

2 - IT control in my company needs some major refactoring/consolidating.

3 (the reason for this post, besides just to share a story) - Do spammers store IPs of known good target mail servers, and if so would changing the mail server's IP every couple years help at all?

submitted by nydad