On Tue, 2007-01-30 at 07:47 -0500, Joey wrote:
> -----Original Message-----
> From: John Rudd [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, January 30, 2007 1:20 AM
> To: David B Funk
> Cc: users@spamassassin.apache.org
> Subject: Re: Poor man's high MX spam Trap
>
> David B Funk wrote:
> > On Mon, 29 Jan 2007, John Rudd wrote:
> >
> >> It doesn't have to be firewalled. It just has to be non-answering on
> >> port 25. It's called "nolisting".
> >>
> >> I've thought about doing something similar. Nolisting only says:
> >>
> >> MX 1 non-answering.host
> >> MX 10 real.host
> >>
> >> But adding the non-answering host to the end seems like a good idea
> >> to me (for all of the spammers that try to attack the secondaries).
> >>
> >> There IS a risk of losing mail. But only if the sender is a non-RFC
> >> compliant MTA. Which, in theory, might be legit.. but I bet in
> >> practice, for this particular RFC issue, it's a near zero level of risk.
> >
> > Um, given that the RFCs (2821, etc) say that the MXs should be tried
> > in order with the most preferred (lowest numeric value) first,
> > wouldn't that scheme result in delays on all messages (as well as lost
> > mail from servers that only try the "best" MX)?
>
> Small delays. They should try all of your MX hosts, in decreasing priority
> order (increasing MX value order) until they get a success.

Success of what? 250 message accepted or connection accepted?

> That's also in the RFC. So:
>
> a) the hosts that don't try the 2nd MX aren't RFC compliant.
> b) the delay should only be as much as it takes to timeout on the connection
> to the highest priority, lowest MX number, non-answering MX host. Plus
> maybe one queue retry (depending on whether it tries the 2nd MX right away
> or after a queue retry interval).
>
> > Why make your "best" MX be the non-answering.host?
>
> Because, according to the nolisting proponents (which I am not, I am just
> experimenting and exploring the concept), the vast majority of the hosts
> that don't do (a), above, are spam/virus sources. And, they say, the hosts
> that don't do (a), but are legitimate, are so vanishingly small as to not be
> worth worrying about.

All of the qmail mail servers only connect to a higher-distance MX server if
and only if the lowest MX doesn't accept the connection. And "doesn't accept
the connection" means no 4xx or 5xx error, just nothing. If a connection is
made to a listening device then a higher MX is never tried.

> -------------
>
> OK I caught this at the end and I'm seeing 2 potential tools to reduce spam.
>
> 1. is the non-answering host as the primary. Correct me if I'm wrong but
> the delay would be almost non-existent because the time it takes for the
> connection to timeout is almost non-existent and would be better than
> greylisting which can cause huge delays based on sending servers not being
> correctly configured.
>
> 2. I see the tarpit of creating a high ranking MX which would capture
> information of spammers that would be dropped into a reject list.
>
> Does this fairly describe what we are talking about here?
>
> Ralf, or Wietse what do you think of these 2 techniques?
>
> I basically dropped greylisting last week because of the headaches it was
> causing with multiple sending SMTP servers, and I have seen a huge increase
> in spam, method one here sounds like a great replacement.

--
With kind regards,
Maurice Lucas
TAOS-IT
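The thread's disagreement comes down to how a sending MTA walks the MX list once the most-preferred host answers nothing on port 25. The simulation below is an added example, not code from any poster or from SpamAssassin: it models an RFC-walking sender against a sender that only tries the best MX, over a constructed nolisting zone of the shape John Rudd describes (dead host first, real MX second, dead host last). The host names, the 30-second connect timeout and the fake connect table are assumptions, and the rule that an established TCP session ends the search (so a 4xx from a greylisting MX stops the walk) follows Maurice's description of qmail rather than a claim about every MTA.

```python
"""Simulate how different sending MTAs walk a 'nolisting' MX set.

Added example for this thread; not code from any poster or from
SpamAssassin. Host names, timings and the fake connect table are
constructed. The "session established means no further MX is tried"
rule follows Maurice's description of qmail, not every MTA.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Constructed nolisting zone: a dead host as the most-preferred MX, the real
# MX next, and a second dead host at the end for senders that go straight
# for the lowest-priority secondary.
NOLISTING_MX: List[Tuple[int, str]] = [
    (1, "dead.example.net"),
    (10, "mx.example.net"),
    (20, "dead2.example.net"),
]

# Assumed per-host TCP connect timeout of the sending MTA, in seconds.
CONNECT_TIMEOUT = 30.0


@dataclass
class Attempt:
    delivered: bool
    result: str                       # final outcome string
    hosts_tried: List[str] = field(default_factory=list)
    delay: float = 0.0                # seconds spent on hosts that never answered


def order_mx(records: List[Tuple[int, str]]) -> List[str]:
    """Try MX hosts in increasing preference value (lowest number first)."""
    return [host for _pref, host in sorted(records, key=lambda r: r[0])]


def deliver_compliant(records, connect: Callable[[str], str],
                      timeout: float = CONNECT_TIMEOUT) -> Attempt:
    """Sender that walks the whole MX list until a TCP session is established.

    connect(host) returns one of:
      'connect-timeout'  nothing listens / packets dropped   -> try next MX
      'connect-refused'  RST comes straight back             -> try next MX
      'accepted'         message taken (250)                 -> done
      'tempfail'         4xx after the banner                -> defer, stop
      'permfail'         5xx after the banner                -> bounce, stop
    """
    att = Attempt(delivered=False, result="no-mx-answered")
    for host in order_mx(records):
        att.hosts_tried.append(host)
        outcome = connect(host)
        if outcome == "connect-timeout":
            att.delay += timeout      # the "small delay" nolisting costs everyone
            continue
        if outcome == "connect-refused":
            continue                  # immediate RST, no delay
        # A session was established: per the qmail behaviour described in
        # the thread, this host's verdict is final and no other MX is tried.
        att.result = outcome
        att.delivered = outcome == "accepted"
        return att
    return att


def deliver_best_only(records, connect: Callable[[str], str],
                      timeout: float = CONNECT_TIMEOUT) -> Attempt:
    """Non-compliant sender (what nolisting bets spam engines do): best MX only."""
    best = min(records, key=lambda r: r[0])
    return deliver_compliant([best], connect, timeout)


def fake_connect(host: str) -> str:
    """Constructed stand-in for a TCP connect plus SMTP banner exchange."""
    table = {
        "dead.example.net": "connect-timeout",
        "mx.example.net": "accepted",
        "dead2.example.net": "connect-timeout",
    }
    return table.get(host, "connect-refused")


if __name__ == "__main__":
    print("RFC-walking sender :", deliver_compliant(NOLISTING_MX, fake_connect))
    print("best-MX-only sender:", deliver_best_only(NOLISTING_MX, fake_connect))
```

Running it shows the two outcomes the thread argues about: the MX-walking sender delivers after paying one connect timeout on the dead primary, while the best-MX-only sender never reaches the real host and the message is lost. Swapping `fake_connect` for one that returns `tempfail` on `mx.example.net` shows the greylisting interaction Maurice raises: the session was established, so the walk stops there and the third MX is never consulted.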