Notes on new IPBlock code, 4.25-11

Raymond Dijkxhoorn raymond at PROLOCATION.NET
Mon Dec 1 19:54:49 GMT 2003


Hi!

> machine came alive at 00:01:32 last night.  With a config limit of 100
> messages/hour, the machine was IPBlocked at 00:14:07, with 6 subsequent
> connections blocked out.  But, the rogue machine had flooded my mqueue.in
> with several thousand messages in those 13 minutes, and it took nearly
> two hours for this flood to be processed by my server.  A lot of these
> messages were subsequently deleted as high-spam by Spamassassin and MS,
> or doublebounced, or were blocked by AOL (the target site).  Some got
> delivered.  The tsunami of spam was already on my mail server by the
> time MS shut the door, since IPBlock is run last in the MS process.

That's due to Swen. But you could fight Swen. I assume you currently have
the MX functions for your server AND the SMTP relay function on the same
box? Swen does an MX lookup and starts to blow mail. If you want to stop
this, separate the MX and SMTP function. If your MX -ONLY- accepts mail
for @yourdomain.com it will -completely- block this crap. Since it's always
mail to external parties, most of them AOL.COM, and that won't pass the
rules of your MX, since it's not TO: @yourdomain. I didn't see a single AOL
Swen thing pass since we altered our configs. Load dropped by around
1M messages a day, so I guess AOL was pretty happy when we activated the
changes.

Bye,
Raymond.
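
The effect of the MX/relay split described in this message, as an added example that is not part of the original post: a small Python model of the RCPT decision on a combined MX-and-relay box versus an MX-only box. The domain, networks and envelopes are constructed for illustration, and the reply strings are simplified.

```python
import ipaddress

# Constructed values for illustration only (documentation address ranges).
LOCAL_DOMAINS = {"yourdomain.com"}
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed envelopes: (client IP, RCPT TO address).
SAMPLE = [
    ("192.0.2.45", "<victim1@aol.com>"),       # infected customer PC, external target
    ("192.0.2.45", "<victim2@aol.com>"),
    ("198.51.100.7", "<user@yourdomain.com>"),  # normal inbound mail
    ("198.51.100.7", "<someone@aol.com>"),      # outsider attempting to relay
]


def rcpt_domain(address):
    """Return the lower-cased recipient domain, or None if the address is malformed."""
    local, sep, domain = address.strip().strip("<>").rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def is_customer(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in CUSTOMER_NETS)


def combined_host(client_ip, rcpt):
    """MX and relay on one box: customer IPs may send to any domain."""
    domain = rcpt_domain(rcpt)
    if domain is None:
        return "501 bad recipient"
    if domain in LOCAL_DOMAINS or is_customer(client_ip):
        return "250 ok"
    return "550 relaying denied"


def mx_only_host(client_ip, rcpt):
    """Dedicated MX: the client IP is never consulted, only local recipients pass."""
    domain = rcpt_domain(rcpt)
    if domain is None:
        return "501 bad recipient"
    return "250 ok" if domain in LOCAL_DOMAINS else "550 relaying denied"


def accepted(policy, envelopes):
    """Count how many envelopes a given host policy would accept."""
    return sum(1 for ip, rcpt in envelopes if policy(ip, rcpt).startswith("250"))
```

In the split design the customer relay still exists on a separate host; the model only covers the host that the MX record points to, which is where the message says the worm delivers.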


