4.40.5: IPBlock 451 versus 550

Rose, Bobby brose at MED.WAYNE.EDU
Fri Mar 18 14:39:14 GMT 2005


I've been using milter-sender's greylisting, which works great.  But one
of the problems that I've noticed with milter-sender is more
related to its use of 451 to reject messages from domains where the MX
can't be contacted.  This is by design and understandable but leads to a
bad side effect.

Scenario:  blah at foo.com has their email forwarded to blah at foo.org.
blah at foo.com gets a message (let's say spammer at junk.com) with an MX that
doesn't accept connections (most likely a spammer with a bogus
DNS setup).  The message is forwarded to blah at foo.org which uses
milter-sender.  Milter-sender runs its tests and thinks junk.com is
down and 451s the connection from foo.com.  Foo.com then keeps trying
over and over again until its max delivery attempts are reached.  The
result of this is a lot of unnecessary connections.  Since it's in the
RFCs that such things should be considered a temp failure, it would be
nice if milter-sender kept track of this ip, sender, recipient tuple
like it does with greylisting and allowed you to 550 it after so many
tries.  I've made the suggestion to the milter-sender list but it's very
moderated and seems that only specific posts are allowed since I've
posted this suggestion a couple times and not seen it show up.

Has anyone else seen this kind of behavior or know of a milter that
might perform such a task as to reduce the impact?



-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
Behalf Of Rakesh
Sent: Thursday, March 17, 2005 8:01 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: 4.40.5: IPBlock 451 versus 550

Jeff A. Earickson wrote:

> Julian,
>
> Just curious as to why you changed IPBlock from fatal rejections to 
> tmpfail.  I've had a couple of spammers pounding on my system with 
> crap that would have ordinarily been booted by IPBlock for good.  Now 
> they just keep trying.  I've modified my copy of CustomConfig.pm in 
> 4.40.5 to do the 550 rejections again.


My idea in suggesting to Jules a 451 error instead of a 550 error code was
that we do not unknowingly bounce back some genuine mails just because
the sending server is sending too many mails to us. For example, a Yahoo
outgoing server might be sending quite a good amount of mail to an MX
server hosting many domains. So if we just temporarily refuse to
accept the mail, then, however, I am guaranteed that a good outgoing
server would definitely try again for delivery, which won't be applicable
in case of a 550 rejection, and probably someone sending out an important
mail would finally get a bounce back for no good reason. This is totally
different from the greylisting concept, in which any server initiating a
first-time connection will have to compulsorily try again later.

However, the majority of spammers use hijacked machines or poor SMTP engines to
send out spam, and asking them to try again later with a 451 error code
wouldn't be of any harm as they don't bother to try again later, so the
spam doesn't come at all. However, if they are using someone else's
server which actually does retry sending the spam, then we can probably
notify the administrator to check out his system or at least have 1 hour
to block the IP on the firewall.

--
Regards,
Rakesh B. Pal
Emergic CleanMail Team.
Netcore Solutions Pvt. Ltd.

========================================================================
"First they ignore you. Then they laugh at you.
Then they fight you. Then you win."
                                                - M. Gandhi
========================================================================



----------------------------------------------------------
Netcore Solutions Pvt. Ltd.
Website:  http://www.netcore.co.in
Spamtraps: http://cleanmail.netcore.co.in/directory.html
----------------------------------------------------------

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!
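
The escalation suggested at the top of this thread (remember the ip, sender, recipient tuple and answer 550 once it has been tempfailed so many times) can be sketched as below. This is an added example, not code from milter-sender or MailScanner; the class and function names, the threshold, the window and the 192.0.2.10 address are assumptions made for illustration.

```python
import time


class TempfailEscalator:
    """Count 451 replies per (client IP, sender, recipient); escalate to 550."""

    def __init__(self, max_tempfails=5, window=4 * 3600, clock=time.time):
        self.max_tempfails = max_tempfails  # assumed: 451s allowed before a 550
        self.window = window                # assumed: seconds a tuple is remembered
        self.clock = clock                  # injectable so tests can control time
        self._seen = {}                     # (ip, sender, rcpt) -> (first_seen, count)

    def mx_unreachable(self, ip, sender, rcpt):
        """Sender's MX could not be contacted: return (code, text) for the reply."""
        now = self.clock()
        first, count = self._seen.get((ip, sender, rcpt), (now, 0))
        if now - first > self.window:       # stale entry: start a fresh count
            first, count = now, 0
        count += 1
        self._seen[(ip, sender, rcpt)] = (first, count)
        if count > self.max_tempfails:
            return 550, "sender MX unreachable on %d attempts" % count
        return 451, "sender MX unreachable, try again later"

    def mx_reachable(self, ip, sender, rcpt):
        """Sender's MX answered: forget the tuple so a recovered domain starts clean."""
        self._seen.pop((ip, sender, rcpt), None)

    def expire(self):
        """Drop tuples older than the window; return how many were removed."""
        now = self.clock()
        stale = [k for k, (first, _) in self._seen.items() if now - first > self.window]
        for k in stale:
            del self._seen[k]
        return len(stale)


def replay(escalator, attempts, ip, sender, rcpt):
    """Feed the same forwarded message `attempts` times; return the reply codes."""
    return [escalator.mx_unreachable(ip, sender, rcpt)[0] for _ in range(attempts)]


if __name__ == "__main__":
    # Constructed input: foo.com's forwarder (192.0.2.10 is a documentation address)
    # retrying the junk.com message to foo.org, as in the scenario above.
    esc = TempfailEscalator(max_tempfails=3)
    print(replay(esc, 5, "192.0.2.10", "spammer@junk.com", "blah@foo.org"))
```

The threshold and window trade retry traffic from the forwarding host against permanently rejecting mail from a domain whose MX is only briefly down.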
