Marc Perkel wrote:
Rick Cooper wrote:
I don't know what his reason is but had I attempted to send mail to your
server last Friday I could easily have ended up hitting one of your
higher
MXs. I had a problem with Verizon where I would loose my connection for
seconds to a min and everything would be fine for seconds to a min or
two.
This went on for hours, it was like someone flicking a light switch.
If exim
couldn't connect to your lower mx servers during one of these episodes it
would have rolled up the list as it should since Verizon has yet to
inform
my mail server they are having transient network problems and to consider
any connection issues to be temporary and please try again.
Rick
Rick, it does take multiple hits to get listed and I did add code that
if you hit all the high ones in sucession that it only counts as one.
However, having said that, this is experimental and there's a
possibility that it's just not going to work. I do believe that there's
information to be had by looking at hosts who hit high numbered MX
records when low numbered MX servers are available. I'm just trying to
figure out how to extract this information.
So - I ask the question - I think we can all agree that there's
information to be had. How do we extract this in a useful form an avoid
false positives?
If you're going to do this, I would suggest that instead of counting to
X hits on your low priority MX's and then blacklisting the IP, do this:
Count on all of your MX's, and look for a ratio between "hits on low
priority MX's and hits on high priority MX's".
IFF the high priority MX hit rate is 0, then just do a simple count on
the hits against the low priority MX's.
IF the highr priority MX hit rate is > 0, then do (low priority hit
rate) / (high priority hit rate), and look for a number >= something
like 10.
That way, senders that might sequentially try your servers, due to
problems, or even just because they roll through the servers over time,
wont get tagged.
- Re: My Newly Expanded DNS Blacklist - Who wants to try it? John Rudd
-
