Ok that works great if you KNOW the domain.. but what do you do when this happens once every 3 or 4 days to random domains?
On Thu, 20 Jan 2005 20:30:18 +0100, Chr. von Stuckrad <[EMAIL PROTECTED]> wrote: > On Thu, Jan 20, 2005 at 01:47:12PM -0500, Matt wrote: > > Ahh ha! Got it.. it seems to be domains that either the name servers > > are not responding.. or the domain doesn't exist yet.. for instance: > > > > debug: DNS MX records found: 0 > > > > Is there anyway to get around this? It seems to hang and do this > > twice for long enough to delay the system... any thoughts? > > Two things. You can change the timeout in spamassassin's configs, > but some spammers did something which made the situation worse. > > They created lots of subdomains and redirected all > mail for them to MTAs of (what we saw) 'saveinternet.net' > > They defined correct DNS entries and MX Records, > but then filtered completely all IP-Traffic to /dev/null. > > So *every* try to *really* access them goes into > timeouts and bogs down the mailserver. > > I Assume they do it to get rid of MTAs which > try to confirm their sender addresses. > > So IF you get mail from such spammers you either > get slowed down by the timeouting confirmation-tests, > or you get your queues 'bloated' by bounces. > > The only thing we could do, was to create a fake > DNS-Table in our local DNS-Server (locally for > the MTA-Host) and let the MTA believe the whole > Domain is completely empty. > > So the MTA assumes there is nobody to reach and > drops the Mail instantaneously. > (20% less load on the MTA since then) > > Yours Stucki > > -- > Christoph von Stuckrad * * |nickname |<[EMAIL PROTECTED]>\ > Freie Universitaet Berlin |/_*|'stucki' |Tel(days):+49 30 838-75 459| > Fachbereich Mathematik, EDV|\ *|if online|Tel(else):+49 30 77 39 6600| > Arnimallee 2-6/14195 Berlin* * |on IRCnet|Fax(alle):+49 30 838-75454/ >
