Particular emails forcing SA timeouts

Steve Campbell campbell at cnpapers.com
Thu Sep 2 17:32:30 IST 2004 

To Mr. Hepworth and Mr. Dilworth:

Thanks so much for your analysis. I have increased my RBL and SA timeouts as
a starting point.

I still feel, though, that something is amiss, more than just timeouts and
feel Mr. Dilworth has also come across something worth noting here on the
list.

I get my share of SA timeouts.  After searching back through the mail logs,
I find that everyone of these emails received timeouts. As such, everyone
was delivered untouched. If there is a simple way of hopping DNS to exceed
the general settings most people have in their conf files, spammers have a
really easy way of getting their crap delivered. I'm just not sure how this
evasion of MS/SA is being done.

As I don't usually see this type of emails being delivered, I have become
suspicious of these email types from this particular Class A IP range.

I'll still watch and see what happens, though, and will inform anyone
interested through the list.

Thanks.

Steve Campbell
campbell at cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Thursday, September 02, 2004 11:51 AM
Subject: Re: Particular emails forcing SA timeouts


> Or reduce the number of RBL's in use...
>
> I just use the spamcop-XBL and sorbs ones. More than that I found I was
> getting lots of SA-timeouts even on stupidly large timeout settings.
>
> I guess you could always rsync/whatever the files locally and have local
> zone files for the RBL's youself...
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Michael R. Dilworth (E-mail) wrote:
> >         I've seen this too, the domains have screwy dns. Just
> >         increase the time out value.
> >
> >         Save the message and run it trough sa with debug and
> >         you will see what I mean.  In my case it took 50 seconds
> >         to complete the dns lookups.
> >
> >

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list