I can't see the incompatibility between the rate-limiting and the dummy mx, but maybe if you turn the dummy mx into a tarpit you can make life too difficult for legitimate (but very fast?) bouncers. Is that what you mean?
Yes, I meant compatibility in a general sense -- as in are the ideas, when used together, effective or counterproductive?
Probably your domain is used a lot by spammers as spoofed reply-to..
Oh, yeah! Randomly-generated username plus our domain name. Why us? No idea. Probably the single-dictionary-word domain name. It adds up to a zillion bounces, a ton of probes, and several bogus complaints a week.
What I'm seeing with the tarpit is that of the connections that stick around long enough to issue FROM and RCPT, nearly all look like the DSNs and probes above. Since a lot of these "senders" tend to saturate the rate limits we impose, it seems likely that they're tying up the max number of connections we allow on our primary, cascading to the secondary and then to the dummy. (Or they could be targetting the low-priority MX, spammer-style.)
On one hand, I want to tie up *spammers'* resources, not people checking their own incoming mail. On the other hand, they *are* hammering us with bogus bounces and excessive (and often repeated) probes to the point where I consider it an abuse of *our* resources, so I don't feel *too* bad.
My main concern is that this could happen, on occasion, with a legit sender. If for some reason a site tries to open too many simultaneous connections, they'll get sucked into the tarpit instead of waiting and trying again.
-- Kelson Vibber SpeedGate Communications <www.speed.net>
