... and, Kevin, you should get back to Covad and tell them that you will remediate the problem. This will let them know that you play nice, and stop them from taking actions against your traffic!
Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Thursday, March 31, 2005 2:19 PM To: [email protected] Subject: Re: [Declude.Virus] Covad has a problem with our RBL Yes, its very possible. 10 RBLS x 1200 emails in an hour is easily 12K hits. The 10 RBLS is also conservative. I am sure they will end up doing what AT&T does and just blackhole queries to certain RBL's. I would look at setting up a local DNS server. Darrell ------------------------------------------------------------------------ Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Kevin Rogers writes: > I received the following email today from Covad - our access provider. > It > looks like they have a problem with Declude checking inbound emails > against a realtime blackhole list. (The problem could also be several > emails we've received lately with hundreds of recipients, many of which > were invalid - so it could be the NDR problem mentioned). > > Does anyone know if Declude, setup normally without much modification, > is > using more than 1 RBL, or, irregardless of how many it uses, would it be > checking the RBL 12000 times an hour for a mail server that delivers about > 6000 messages a day? Or do you think this most likely has to do with the > too-many-invalid-recipients problem? > > Thanks. Kevin > > MESSAGE FOLLOWS > ------------------------------- > Dear Covad Customer, > > Our records indicate that your computer has made 12497 requests during > the > hour we monitored it which accounted for 5.13% of the total traffic to the > Covad nameservers in your region. The high volume of requests made by your > computer to our nameservers causes a degradation of service for other > Covad customers. > > The IP address implicated is: > > XX.XXX.XXX.XXX > > Possible causes for this excessive activity includes, but not limited > to > the following reasons: > > -Virus infected computer(s) sending infected emails which causes Covad > servers to receive MX queries for every infected message. > -Computer hosting an open proxy or relay that is being abused by a > spammer. Each outbound email will generate a DNS request. > -Mail server configured to check every inbound email on a realtime > blackhole list (RBL). This could oppose a problem if there are more than > two lists being queried. > -Mail server configured to send a non delivery receipt (NDR) for every > email received at an invalid email address. NDR messages cause Covad > servers to receive DNS requests as well as generate unnecessary traffic on > a customer's network. NDR messages is also a way for spammers to confirm > valid email addresses which could cause mail servers to receive even more > spammed emails. > > --- > [This E-mail was scanned for viruses.] > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
