10 RBLS x 1200 emails in an hour is easily 12K hits.
The 10 RBLS is also conservative. I am sure they will end up doing what AT&T does and just blackhole queries to certain RBL's. I would look at setting up a local DNS server.
Darrell
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
Kevin Rogers writes:
I received the following email today from Covad - our access provider. It looks like they have a problem with Declude checking inbound emails against a realtime blackhole list. (The problem could also be several emails we've received lately with hundreds of recipients, many of which were invalid - so it could be the NDR problem mentioned).
Does anyone know if Declude, setup normally without much modification, is using more than 1 RBL, or, irregardless of how many it uses, would it be checking the RBL 12000 times an hour for a mail server that delivers about 6000 messages a day? Or do you think this most likely has to do with the too-many-invalid-recipients problem?
Thanks. Kevin
MESSAGE FOLLOWS
-------------------------------
Dear Covad Customer,
Our records indicate that your computer has made 12497 requests during the hour we monitored it which accounted for 5.13% of the total traffic to the Covad nameservers in your region. The high volume of requests made by your computer to our nameservers causes a degradation of service for other Covad customers.
The IP address implicated is:
XX.XXX.XXX.XXX
Possible causes for this excessive activity includes, but not limited to the following reasons:
-Virus infected computer(s) sending infected emails which causes Covad servers to receive MX queries for every infected message.
-Computer hosting an open proxy or relay that is being abused by a spammer. Each outbound email will generate a DNS request.
-Mail server configured to check every inbound email on a realtime blackhole list (RBL). This could oppose a problem if there are more than two lists being queried.
-Mail server configured to send a non delivery receipt (NDR) for every email received at an invalid email address. NDR messages cause Covad servers to receive DNS requests as well as generate unnecessary traffic on a customer's network. NDR messages is also a way for spammers to confirm valid email addresses which could cause mail servers to receive even more spammed emails.
---
[This E-mail was scanned for viruses.]
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
