4.40.5: IPBlock 451 versus 550

Julian Field MailScanner at ecs.soton.ac.uk
Sat Mar 19 11:47:28 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I think you've got it exactly right. I primarily intended it to throttle
flooding from your own users/customers' boxes. So I would specify a low
limit for your customers IP netblocks, and have a fairly high default
for the rest of the world.

Rakesh wrote:

> thanks Jeff,
>
> test it on real time scenarios and suggest what would help to make
> things better and easier. Even I have implemented it on my live servers.
> Probably one thing down the line we have to do is by default maintain a
> list of some well known outgoing servers of yahoo or other heavy traffic
> outgoing servers and set them to have a greater connection limit
> (specify greater limits for them in IPBlock.conf). That we have to see
> if it would really help others.  What do you think on this ? Julian
> please let us know your views as well.
>
> Rakesh
>
> Jeff A. Earickson wrote:
>
>> Rakesh,
>>    Point taken.  I have changed my CustomConfig.pm back to using 451
>> instead of 550.  I'll see if the problem returns.  Hey, this is
>> a beta version of MailScanner and those of us who run it should
>> be willing to test the new features.
>>
>> Jeff Earickson
>> Colby College
>>
>> On Thu, 17 Mar 2005, Rakesh wrote:
>>
>>> Date: Thu, 17 Mar 2005 18:30:35 +0530
>>> From: Rakesh <rakesh at NETCORE.CO.IN>
>>> Reply-To: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
>>> To: MAILSCANNER at JISCMAIL.AC.UK
>>> Subject: Re: 4.40.5: IPBlock 451 versus 550
>>>
>>> Jeff A. Earickson wrote:
>>>
>>>> Julian,
>>>>
>>>> Just curious as to why you changed IPBlock from fatal rejections
>>>> to tmpfail.  I've had a couple of spammers pounding on my system
>>>> with crap that would have ordinarily been booted by IPBlock for
>>>> good.  Now they just keep trying.  I've modified my copy of
>>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again.
>>>
>>>
>>>
>>>
>>> my idea of suggesting Jules for 451 error instead of 550 error code was
>>> that, unknowingly we do not bounce back some geniune mails just because
>>> the sending server is sending too many mails to us. For e.g. a yahoo's
>>> outgoing server might be sending quite a good amount of mails to an MX
>>> server hosting many domains. So if we just temporarily deny from
>>> accepting the mail then however i am quaranteed that a good outgoing
>>> server would definitely try again for delivery which won't be
>>> applicable
>>> incase of a 550 rejection and probably some sending out an important
>>> mail would finally get a bounce back for no good reason. This totally
>>> different from the greylisting concept in which any server initiating a
>>> first time connections will have to compulsarily try again later.
>>>
>>> However majority spammers use hijacked machines or poor SMTP engines to
>>> send out spams and asking them to try again later with 451 error code
>>> wouldnt be of any harm as they don't bother to try again later so the
>>> spams doesn't come at all. However if they are using someone else's
>>> server which actually does retry sending the spam, then we can probably
>>> notify the administrator to checkout his system or atleast have 1 hour
>>> to block the IP on the firewall.
>>>
>>> --
>>> Regards,
>>> Rakesh B. Pal
>>> Emergic CleanMail Team.
>>> Netcore Solutions Pvt. Ltd.
>>>
>>> ========================================================================
>>>
>>> "First they ignore you. Then they laugh at you.
>>> Then they fight you. Then you win."
>>>                                               - M. Gandhi
>>> ========================================================================
>>>
>>>
>>>
>>>
>>> ----------------------------------------------------------
>>> Netcore Solutions Pvt. Ltd.
>>> Website:  http://www.netcore.co.in
>>> Spamtraps: http://cleanmail.netcore.co.in/directory.html
>>> ----------------------------------------------------------
>>>
>>> ------------------------ MailScanner list ------------------------
>>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>>> 'leave mailscanner' in the body of the email.
>>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>>
>> ------------------------ MailScanner list ------------------------
>> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>> 'leave mailscanner' in the body of the email.
>> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>>
>> Support MailScanner development - buy the book off the website!
>
>
>
>
> --
> Regards,
> Rakesh B. Pal
> Emergic CleanMail Team.
> Netcore Solutions Pvt. Ltd.
>
> ========================================================================
> "First they ignore you. Then they laugh at you.
> Then they fight you. Then you win."
>                                                - M. Gandhi
> ========================================================================
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list