Sorry, I have not closely followed this
thread.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic
Sent: Monday,
September 27, 2004 4:43 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Stop one IP address
John,
I have nothing to do with the list. I do
not even know where it is. They supply the list to the e-mail broadcaster and
then I learn about it as my server hits a wall from the NDRs coming in.
![]()
Goran Jovanovic
The LAN Shoppe
2345 Yonge Street, Suite 302
Toronto, Ontario M4P 2E5
Phone: (416)
440-1167 x-2113
Cell: (416)
931-0688
E-Mail: [EMAIL PROTECTED]
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John Tolmachoff (Lists)
Sent: Monday,
September 27, 2004 7:23 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Stop one IP address
I would also put that list OFF of the
Imail server. Maybe a IIS server or something.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Goran Jovanovic
Sent: Monday,
September 27, 2004 4:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Stop one IP address
I did not think that if I was simply the
MX record for the domain that I would get blacklisted. I thought that it would
be the broadcast e-mail service provider.
The flood of NDRs certainly puts a strain
on our server and while it seems that I was able to keep up with it today I am
told that this list is going to grow from the 20-30 thousand e-mails that are
on it today to over 200,000 e-mails. This list is something that people sign up
for but there is no verification of their e-mail address so they can type in
anything they want (or make a legitimate typo).
I think I am going to have a stronger word
with them about this and tell them that they must clean up their act.
Thanx to all for the info
![]()
Goran Jovanovic
The LAN Shoppe
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bilbee
Sent: Monday,
September 27, 2004 2:52 PM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Stop one IP address
This is one of your customers saying they
do not care. I would boot them for abusing your servers or at least charge them
for the headaches. If they continue you will end up on black lists for
continually sending to non existent email addresses. You may think that
because the emails are not being sent from your server that you will not be
bleck listed but there are lists out there that will black list you because the
NDRs are being delivered to your server.
We are on AT&T and had a customer
doing just this. We told them to stop or we would terminate there service, we
did this after AT&T theratened to terminate our service after they received
complaints to their abuse address. The source of the email was not our server
but they used an email on our server for the NDRs.
-----Original Message-----
From: Goran Jovanovic
[mailto:[EMAIL PROTECTED]On
Behalf Of Goran Jovanovic
Sent: Monday,
September 27, 2004 11:31 AM
To: [EMAIL PROTECTED]
Subject: RE: [Declude.JunkMail]
Stop one IP address
According to the IMail manual you can only put e-mail
addresses into the KILL.LST file. It does not say anything about IPs.
I have told them that they need to clean up their lists but
they say that it is too much trouble and they don't care.
Matt - do you have the name of that product that collects
NDRs and cleans the list?
From:
[EMAIL PROTECTED] on behalf of Colbeck, Andrew
Sent: Mon 9/27/2004 1:56 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [Declude.JunkMail]
Stop one IP address
You can hide the problem by going into
your IMail configuration under SMTP, then the SMTP Security tab and adding the
IP address to the IMail Kill File. When IMail sees a connection from
that IP, it drops it, without returning an error to the sender, and without
logging the action in your sysMMDD.txt file.
I say that this is hiding the problem,
because it doesn't address the problem directly, and you won't have any idea
how many times they're retrying. Because the connection is just dropped,
they should try again, and will. Whether that is more of an impact than
"swallowing them" like you're doing now is up to you!
Another sneaky way of dropping the traffic
is to disallow routing entirely, right there on your server.
route add -p 1.1.1.1 mask 255.255.255.255
127.0.0.1
replace the 1.1.1.1 with the address of
the bad host.
-----Original Message-----
From: Goran Jovanovic [mailto:[EMAIL PROTECTED]
Sent: Monday,
September 27, 2004 9:59 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Stop
one IP address
Hi,
From what I can see the imail kill.lst works on the MAIL FROM recipient.
I am looking for a way to specifically disallow one IP address. The reason I
need to do the IP is because the sender is NULL. The messages are bounce backs
from an e-mail campaign of one of the domains that I forward (you know all the
messages email address is no longer valid etc etc).
This domain uses a service somewhere out there and gives them a list.
Unfortunately they do not clean or verify the list at all so a lot of
bouncebacks. They will do a broadcast to 25-30 thousand and I will see a 2000
to 3000 incoming e-mail spike in an hour or 2.
As a temporary measure I have whitelisted the IP so that I do not spend
as much processing time but I would really like to kill the connection as it
comes in so I so not have to process much of it.
Any other thoughts on what I can do?
Thanx
![]()
Goran Jovanovic
The LAN Shoppe
|
