On 3/23/2011 7:38 AM, Blaine Fleming wrote:
On 3/23/2011 9:56 AM, dar...@chaosreigns.com wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. If you hit them too much, they start returning
100% false positives. Their listed limits are "more than 100,000 queries
per day or more than 5 queries per second for more than a few minutes".
As soon as the bug was reported on the dev list I disabled the
127.0.0.255 response code to avoid any additional issues. I will be
turning this functionality back on as soon as the SA rules are updated
which I assume will be soon.
I would recommend blackholing those IP addresses at the firewall of the
DNS server, especially those 300 million+ sites that are impossible to
contact. They might finally notice they have a serious configuration
issue and stop querying if their mail delivery backs up.
Warren
