[Mailscanner] SpamCop IP's

Julian Field mailscanner at ecs.soton.ac.uk
Wed Sep 25 10:51:22 IST 2002 

Most of this has migrated into a discussion about DNS server setups. I
would advise use of a local caching DNS server as this will increase the
speed of repeated lookups considerably. The DNS system already has positive
and negative result cache timeouts in it, and if you aren't caching
yourself, then the next DNS server upstream from you will be caching
anyway. So you might as well do it on your own net and speed things up.

For the reasons highlighted before (e.g. use of the DUL list, which is a
list of all known IP addresses allocated to dialup lines around the world),
MailScanner only uses the last hop. Anything before the last hop can be
trivially faked, so there's absolutely no point wasting CPU on extracting
the IP addresses from the headers and testing them. Any professional
spammer will fake them anyway.

At 01:28 25/09/2002, you wrote:
>True, if the lookup has not been cached, it would go to the server
>authoritative for the zone.  You should be able to control the
>length of time the cache is valid for though.  For the most part, I have
>added entries to my /etc/mail/access file to allow servers
>that I know have been blacklisted, but for one reason or another, I must
>allow mail to flow from.  On a very rare occasion, I have
>to add an entry, but it's on the order of once a month or less.
>
>
>
>-----Original Message-----
>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK]On
>Behalf Of Matt
>Sent: Tuesday, September 24, 2002 7:09 PM
>To: MAILSCANNER at JISCMAIL.AC.UK
>Subject: Re: [Mailscanner] SpamCop IP's
>
>
> > I couldn't answer that one.  That's one reason I stop them with sendmail
>rather than tagging them.
> > One thing you might consider (if you haven't already) is use a caching
>(local) nameserver on your > mail server.
>
>I thought the blackhole lookups went right to the server or mirror and were
>not cached.  I am not sure that caching would be a good thing.  A black
>listed server would have to get out of the cache even after getting
>unlisted.  I do have a local caching DNS server that I may have the
>webserver use in the future.
>
>Matt

--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ

More information about the MailScanner mailing list