Particular emails forcing SA timeouts

Thu Sep 2 17:46:57 IST 2004

<x-flowed>
Mr Campbell (or may I call you Steve!)

yes the timeout periods can help, but my question is *why* are you
getting timeouts.

Which RBL's are you using? have you considered a zone transfer of the
RBL's to ensure 'reachbility'?

As I've said before on previous threads I'm only using surbl.org (for
the URI scanning) and the spamcop-xbl (as a true RBL). I run a local
caching DNS server on the MS host and see very very few timeouts. When I
have lots of RBL's (the SA default if you turn on RBLS) I get lots of
timeouts and as consequence lots of spam leaks through.

Oh and I also have a bandwidth guarantee on my DNS queries that bounce
up to my ISP for resolution, but looking at the traffic that doesn't
seem to make much difference.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

Steve Campbell wrote:
> To Mr. Hepworth and Mr. Dilworth:
>
> Thanks so much for your analysis. I have increased my RBL and SA timeouts as
> a starting point.
>
> I still feel, though, that something is amiss, more than just timeouts and
> feel Mr. Dilworth has also come across something worth noting here on the
> list.
>
> I get my share of SA timeouts.  After searching back through the mail logs,
> I find that everyone of these emails received timeouts. As such, everyone
> was delivered untouched. If there is a simple way of hopping DNS to exceed
> the general settings most people have in their conf files, spammers have a
> really easy way of getting their crap delivered. I'm just not sure how this
> evasion of MS/SA is being done.
>
> As I don't usually see this type of emails being delivered, I have become
> suspicious of these email types from this particular Class A IP range.
>
> I'll still watch and see what happens, though, and will inform anyone
> interested through the list.
>
> Thanks.
>
> Steve Campbell
> campbell at cnpapers.com
> Charleston Newspapers
>
> ----- Original Message -----
> From: "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> To: <MAILSCANNER at JISCMAIL.AC.UK>
> Sent: Thursday, September 02, 2004 11:51 AM
> Subject: Re: Particular emails forcing SA timeouts
>
>
>
>>Or reduce the number of RBL's in use...
>>
>>I just use the spamcop-XBL and sorbs ones. More than that I found I was
>>getting lots of SA-timeouts even on stupidly large timeout settings.
>>
>>I guess you could always rsync/whatever the files locally and have local
>>zone files for the RBL's youself...
>>
>>
>>--
>>Martin Hepworth
>>Snr Systems Administrator
>>Solid State Logic
>>Tel: +44 (0)1865 842300
>>
>>
>>Michael R. Dilworth (E-mail) wrote:
>>
>>>        I've seen this too, the domains have screwy dns. Just
>>>        increase the time out value.
>>>
>>>        Save the message and run it trough sa with debug and
>>>        you will see what I mean.  In my case it took 50 seconds
>>>        to complete the dns lookups.
>>>
>>>
>
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

**********************************************************************

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.

**********************************************************************

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>