Correction: We're not connecting to the RBL 12000 times an hour - we're
connecting to Covad's nameservers 12000 times an hour.

Kevin Rogers wrote:
I received the following email today from Covad - our access
provider. It looks like they have a problem with Declude checking
inbound emails against a realtime blackhole list. (The problem could
also be several emails we've received lately with hundreds of
recipients, many of which were invalid - so it could be the NDR
problem mentioned).
Does anyone know if Declude, set up normally without much modification,
is using more than 1 RBL, or, regardless of how many it uses, would
it be checking the RBL 12000 times an hour for a mail server that
delivers about 6000 messages a day? Or do you think this most likely
has to do with the too-many-invalid-recipients problem?
Thanks. Kevin
MESSAGE FOLLOWS
-------------------------------
Dear Covad Customer,
Our records indicate that your computer has made 12497 requests during
the hour we monitored it which accounted for 5.13% of the total
traffic to the Covad nameservers in your region. The high volume of
requests made by your computer to our nameservers causes a degradation
of service for other Covad customers.
The IP address implicated is:
XX.XXX.XXX.XXX
Possible causes for this excessive activity include, but are not limited
to, the following reasons:
-Virus infected computer(s) sending infected emails which causes Covad
servers to receive MX queries for every infected message.
-Computer hosting an open proxy or relay that is being abused by a
spammer. Each outbound email will generate a DNS request.
-Mail server configured to check every inbound email on a realtime
blackhole list (RBL). This could pose a problem if there are more
than two lists being queried.
-Mail server configured to send a non-delivery receipt (NDR) for every
email received at an invalid email address. NDR messages cause Covad
servers to receive DNS requests as well as generate unnecessary
traffic on a customer's network. NDR messages are also a way for
spammers to confirm valid email addresses which could cause mail
servers to receive even more spammed emails.
---
[This E-mail was scanned for viruses.]
---
This E-mail came from the Declude.Virus mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus". The archives can be found
at http://www.mail-archive.com.
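One way to tell which of the causes listed in the Covad notice accounts for the query volume is to classify the mail server's outgoing DNS queries. The sketch below is an added example, not part of the original thread or of Declude; the log format, zone names and sample lines are constructed, so adapt the parsing to whatever your resolver log or packet capture emits.

```python
import re
from collections import Counter

# Constructed sample in a hypothetical "time client qtype qname" format.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 A 4.3.2.1.dnsbl-one.example
10:00:01 192.0.2.10 A 4.3.2.1.dnsbl-two.example
10:00:01 192.0.2.10 TXT 4.3.2.1.dnsbl-one.example
10:00:02 192.0.2.10 MX nonexistent-sender.example
10:00:02 192.0.2.10 A mail.nonexistent-sender.example
10:00:03 192.0.2.10 A 9.8.7.6.dnsbl-one.example
10:00:03 192.0.2.10 A 9.8.7.6.dnsbl-two.example
10:00:04 192.0.2.10 PTR 6.7.8.9.in-addr.arpa
10:00:05 192.0.2.10 MX customer.example
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
# A DNSBL lookup prepends the reversed IPv4 octets of the connecting
# host to the list's zone, e.g. 4.3.2.1.<zone> for host 1.2.3.4.
DNSBL = re.compile(r"^(?:\d{1,3}\.){4}(?P<zone>.+)$")


def classify(qtype, qname):
    """Return (kind, dnsbl_zone_or_None) for one query."""
    name = qname.lower().rstrip(".")
    if name.endswith(".in-addr.arpa"):
        return "reverse-dns", None
    match = DNSBL.match(name)
    if match and qtype in ("A", "TXT"):
        return "dnsbl", match.group("zone")
    if qtype == "MX":
        # Outbound delivery, which includes NDRs sent to forged senders.
        return "mx-outbound", None
    return "other", None


def summarize(log_text):
    """Count queries per kind and DNSBL queries per zone."""
    by_kind, by_zone = Counter(), Counter()
    for line in log_text.splitlines():
        parsed = LINE.match(line.strip())
        if not parsed:
            continue  # skip lines that do not fit the assumed format
        kind, zone = classify(parsed.group(3).upper(), parsed.group(4))
        by_kind[kind] += 1
        if zone:
            by_zone[zone] += 1
    return by_kind, by_zone
```

A high `dnsbl` share spread across several zones points at the RBL configuration, while a high `mx-outbound` share points at outbound mail such as NDRs.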