--David Woodhouse <dwmw2(_at_)infradead(_dot_)org> wrote:
> Secondly, we could consider it in context. In particular, consider it in
> the context of <1078868976(_dot_)17344(_dot_)5(_dot_)camel(_at_)imladris(_dot_)demon(_dot_)co(_dot_)uk> in which
> I said "backup MX servers ... perform recipient verification callouts so
> that the only time they may accept a mail which eventually gets accepted
> is if the primary is _actually_ uncontactable at the time".

You are quite right, I didn't review the message in the context of previous
ones, and therefore jumped to conclusions. Please excuse... those remarks
were intended for someone whose secondary just accepts all mail all the
time :)

> Good. I think everyone agrees that accept-then-bounce should be avoided
> as much as possible. However, my point was that if you _cannot_ avoid
> accepting the mail in the first place, it's better to accept-then-bounce
> spam than to accept-and-drop valid mail.

Agreed. Do you think it would be that bad to not have a secondary at all?
Or to have the secondary give a 4xx result if the address can't be
verified? How long does it take to receive the queued mail after the
primary comes back up? All are things to consider when weighing whether to
have a secondary.

But yeah, accepting then dropping is bad.

>> Strangely enough, I just started doing this for altavista.com - forged,
>> bounced mail will now be rejected with a 454 message. Hopefully this
>> will fill up the mail queues of irresponsible admins who
>> accept-then-bounce.
>
> That's an interesting idea. I currently give a 5xx rejection to bounces
> to dwmw2(_at_)infradead(_dot_)org (which address never sends email, qv.). Giving
> 4xx errors would cause it to stay on their queue...
>
> On the other hand, I half suspect that those who can't be bothered to
> fix their mailers to reject mail at SMTP time are _also_ unlikely to
> bother to watch their mail queue or logs. We'd cause the offending MTA
> to keep retrying for a few days and then the mail would bounce anyway,
> and a lot of the owners of these machines wouldn't even notice the
> difference. I would though, in my own logs. It'd probably annoy me more
> than it'd annoy the offenders :)

You are probably right. However, if one or two mailer admins will "wake up
and smell the mail queue" then I will consider it worthwhile. In the first
day we went from 3M connections a day to 15M the second day, so they are
definitely accelerating.

Some of the worst offenders were sending us 1000 bounces a day... so by
going to 454 we will be increasing that to 1000 every 15 min for the first
day, and up to 5000 per 15 min the fifth day. That ought to get someone's
attention. Then again they are probably already getting queued mail
buildup over time of accepting forged mail from domains that have
unreachable-type problems.

The smaller players are maybe 20 that send 100 or more a day, and maybe 40
more that have reached the 100 per day point after the escalation started.
At 100+ I have been just blocking them entirely with connection refused
100% of the time. As it is we don't have enough capacity to serve all
connections, so I serve 20% - 30% (down from 50-60%) with mail servers and
the rest with connection refused, but non-bounce messages will eventually
get through and get their "550 unknown user" except the known-spammy 100+
ones now blocked for good.

Since the domain gets no mail and sends no mail, I could just define it as
MX 0 . and free up those two servers, and I will probably do so when I get
bored of it. For now it is my testbed and playground :)
--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
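
The backup-MX policy discussed in this message, as an added example that is not code from either poster: the secondary does a recipient verification callout to the primary at RCPT time and relays the verdict, so it only accepts unverified mail when the primary is actually uncontactable, or answers 4xx instead if configured that way. The function names, the `accept_when_primary_down` switch and the reply texts are assumptions made for illustration.

```python
import smtplib

def smtp_callout(primary_host, rcpt, timeout=10):
    """Ask the primary MX for its verdict on rcpt; return its SMTP reply code.

    Raises OSError (connection refused, timeout, dropped session) when the
    primary is actually uncontactable.
    """
    with smtplib.SMTP(primary_host, 25, timeout=timeout) as conn:
        conn.helo()
        code, _ = conn.mail("<>")      # null sender, as a bounce would use
        if code // 100 != 2:
            return code
        code, _ = conn.rcpt(rcpt)      # leaving the block sends QUIT, no DATA
        return code

def backup_rcpt_reply(rcpt, callout, accept_when_primary_down=True):
    """Decide the secondary's RCPT TO reply from the primary's callout result.

    callout is any callable taking the recipient and returning a reply code,
    e.g. lambda r: smtp_callout("mx1.example.org", r)  (hypothetical host).
    """
    try:
        code = callout(rcpt)
    except OSError:
        # Primary unreachable: the one case where unverified mail may be
        # queued, or tempfailed if the operator prefers the 4xx variant.
        if accept_when_primary_down:
            return 250, "accepted, queued for primary"
        return 451, "recipient cannot be verified, try again later"
    if code // 100 == 2:
        return 250, "recipient verified by primary"
    if code // 100 == 5:
        # Reject at SMTP time so the secondary never has to bounce later.
        return 550, "unknown user"
    return 451, "primary deferred, try again later"

if __name__ == "__main__":
    def primary_down(rcpt):            # constructed stand-in for a dead primary
        raise ConnectionRefusedError("constructed: primary offline")
    cases = [("ok", lambda r: 250), ("unknown", lambda r: 550), ("down", primary_down)]
    for name, fake in cases:
        print(name, backup_rcpt_reply("user@example.org", fake))
```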