----- Original Message -----
From: "Kevin Rogers" <[EMAIL PROTECTED]>
To: <Declude.Virus@declude.com>
Sent: Thursday, March 31, 2005 4:03 PM
Subject: [Declude.Virus] Covad has a problem with our RBL
I received the following email today from Covad - our access provider. It looks like they have a problem with Declude checking inbound emails against a realtime blackhole list. (The problem could also be several emails we've received lately with hundreds of recipients, many of which were invalid - so it could be the NDR problem mentioned).
Does anyone know if Declude, set up normally without much modification, is using more than 1 RBL, or, regardless of how many it uses, would it be checking the RBL 12000 times an hour for a mail server that delivers about 6000 messages a day? Or do you think this most likely has to do with the too-many-invalid-recipients problem?
Thanks. Kevin
MESSAGE FOLLOWS
-------------------------------
Dear Covad Customer,
Our records indicate that your computer has made 12497 requests during the hour we monitored it which accounted for 5.13% of the total traffic to the Covad nameservers in your region. The high volume of requests made by your computer to our nameservers causes a degradation of service for other Covad customers.
The IP address implicated is:
XX.XXX.XXX.XXX
Possible causes for this excessive activity include, but are not limited to, the following reasons:
-Virus infected computer(s) sending infected emails which causes Covad servers to receive MX queries for every infected message.
-Computer hosting an open proxy or relay that is being abused by a spammer. Each outbound email will generate a DNS request.
-Mail server configured to check every inbound email on a realtime blackhole list (RBL). This could pose a problem if there are more than two lists being queried.
-Mail server configured to send a non delivery receipt (NDR) for every email received at an invalid email address. NDR messages cause Covad servers to receive DNS requests as well as generate unnecessary traffic on a customer's network. NDR messages are also a way for spammers to confirm valid email addresses which could cause mail servers to receive even more spammed emails.
--- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
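Added example, not part of the original message and not Declude or Covad code: one way to tell which of the causes listed in the Covad notice dominates is to bucket a resolver query log by hour and query kind, counting distinct blackhole-list zones and MX lookups. The log layout, zone names and addresses are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample resolver query log; the "timestamp qtype qname" layout,
# zone names and addresses are assumptions made for this example.
SAMPLE_LOG = """\
2005-03-31T15:00:01 A 4.2.0.192.rbl-one.example
2005-03-31T15:00:01 A 4.2.0.192.rbl-two.example
2005-03-31T15:00:01 A 4.2.0.192.rbl-three.example
2005-03-31T15:00:02 PTR 4.2.0.192.in-addr.arpa
2005-03-31T15:00:09 MX bounce-target.example
2005-03-31T15:00:09 A mail.bounce-target.example
2005-03-31T16:02:11 A 9.113.0.203.rbl-one.example
2005-03-31T16:02:11 A 9.113.0.203.rbl-two.example
"""

# A blackhole-list lookup is an A or TXT query for the connecting IPv4 address
# with its octets reversed, prepended to the list's zone.
DNSBL_NAME = re.compile(r"^(?:\d{1,3}\.){4}(?P<zone>[a-z0-9.-]+)$")

def classify(qtype, qname):
    """Return 'ptr', 'dnsbl:<zone>', 'mx' or 'other' for one query."""
    qname = qname.rstrip(".").lower()
    if qname.endswith(".in-addr.arpa"):
        return "ptr"  # ordinary reverse lookup, not a list check
    match = DNSBL_NAME.match(qname)
    if match and qtype in ("A", "TXT"):
        return "dnsbl:" + match.group("zone")
    if qtype == "MX":
        return "mx"  # generated by outbound mail, NDRs included
    return "other"

def summarize(log_text):
    """Count queries per clock hour and category; malformed lines are skipped."""
    per_hour = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        timestamp, qtype, qname = parts
        hour = timestamp[:13]  # e.g. 2005-03-31T15
        per_hour.setdefault(hour, Counter())[classify(qtype.upper(), qname)] += 1
    return per_hour

def dnsbl_zones(counts):
    """Distinct blackhole-list zones seen in one hour's counter."""
    return sorted(k[len("dnsbl:"):] for k in counts if k.startswith("dnsbl:"))

if __name__ == "__main__":
    for hour, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(hour, sum(counts.values()), "queries;", len(dnsbl_zones(counts)),
              "RBL zones;", counts["mx"], "MX")
```

An hour dominated by `dnsbl:` entries across several zones points at the RBL checks; an hour dominated by `mx` points at outbound mail or NDRs.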