On Tue, 2003-09-16 at 15:35, Kenneth Kabagambe wrote: > ---------- Original Message ----------- > From: Patrick Okui <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Sent: 16 Sep 2003 13:55:28 +0300 > Subject: Re: lug_: DNS and verisign -- all .COMs now exist > > > On Tue, 2003-09-16 at 13:27, Paul Bagyenda wrote: > > > What do the ISP guys feel about this: > > > > > > > we've routed the IP to NULL0 aka /dev/null on our distribution routers. > > if all ISPs do something similar, we won't have that much of a problem. > > > > my 2 cents. > > Patrick. > > Patrick Okui <[EMAIL PROTECTED]> > > Systems Administrator > > One2Net (U) Ltd > > > > --------------------------------------------- > > This service is hosted on the Infocom network > > http://www.infocom.co.ug > ------- End of Original Message ------- > > But Patrick, wont this just cause email servers behind your routers to > quickly queue up with mail, with a Connection Timeout? I would think that > doing reverse dns lookups would be better since they would filter out those > domains that donot exist and maybe someone can hackup a script to > automatically blacklist those domains that fall in this category.
Hi Ken Yes it will. Ideally most MTA's allow you to blacklist mail from/to particular servers by ip or domain name. The mail in the queue will be routed to /dev/null after its retry time expires. Unless of course you don't mind the possibility that verisign could decide to read your clients mail each time they make a typho with say yahoo.com and type something funny. Routing the ip to /dev/null also saves me bw on my sat link :-D. As some mail servers of my client's are beyond what I can edit, the null0 route is the best I can offer them - plus instructions on how to do the reject of mail in the MTAs considering that I'm not authoritative for .com (so I can't tell which domains are non-existent without a full lookup via verisign) and neither am I authoritative for the reverse. Another thing to note is *lots* of valid e-mail hosts, do not have reverse dns for their domains. Those that do usually have wrong records. just my 2cts. > > ken > > > > --------------------------------------------- > This service is hosted on the Infocom network > http://www.infocom.co.ug -- Patrick Okui <[EMAIL PROTECTED]> Systems Adminstrator One2Net (U) Ltd --------------------------------------------- This service is hosted on the Infocom network http://www.infocom.co.ug
