John Rudd wrote:
If you're going to do this, I would suggest that instead of counting
to X hits on your low priority MX's and then blacklisting the IP, do
this:
Count on all of your MX's, and look for a ratio between "hits on low
priority MX's and hits on high priority MX's".
IF the high priority MX hit rate is 0, then just do a simple count on
the hits against the low priority MX's.
IF the higher priority MX hit rate is > 0, then do (low priority hit
rate) / (high priority hit rate), and look for a number >= something
like 10.
That way, senders that might sequentially try your servers, due to
problems, or even just because they roll through the servers over
time, won't get tagged.

That's a good suggestion. You have me thinking. I'm using Exim and it
has the RateLimit logic. Rather than a ratio I could maybe create a time
window where if they hit the proper MX then it bypasses the improper MX
tests for a fixed number of seconds.
- Re: My Newly Expanded DNS Blacklist - Who wants to try it? Marc Perkel
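
The two heuristics discussed in this thread, side by side, as an added example that is not code from either poster and does not use Exim's ratelimit feature. The event tuple format, `COUNT_THRESHOLD` and `BYPASS_SECONDS` are assumptions; only the ratio of about 10 comes from the thread, and the sample events are constructed.

```python
from collections import defaultdict

RATIO_THRESHOLD = 10   # "something like 10" from the thread
COUNT_THRESHOLD = 5    # assumed: plain low-MX count used when there are no high-MX hits
BYPASS_SECONDS = 3600  # assumed: grace period after a hit on the proper MX

def ratio_verdicts(events):
    """Ratio rule. events: (timestamp, ip, kind) with kind 'high' or 'low'."""
    hits = defaultdict(lambda: {"high": 0, "low": 0})
    for _ts, ip, kind in events:
        hits[ip][kind] += 1
    flagged = set()
    for ip, c in hits.items():
        if c["high"] == 0:
            # No high-priority hits: fall back to a simple count.
            if c["low"] >= COUNT_THRESHOLD:
                flagged.add(ip)
        elif c["low"] / c["high"] >= RATIO_THRESHOLD:
            flagged.add(ip)
    return flagged

def window_verdicts(events):
    """Time-window rule: a high-MX hit exempts low-MX hits for BYPASS_SECONDS."""
    last_high = {}
    counted = defaultdict(int)
    for ts, ip, kind in sorted(events):
        if kind == "high":
            last_high[ip] = ts
        elif ip not in last_high or ts - last_high[ip] > BYPASS_SECONDS:
            counted[ip] += 1  # low-MX hit outside any grace window
    return {ip for ip, n in counted.items() if n >= COUNT_THRESHOLD}

# Constructed sample events (documentation IP ranges, timestamps in seconds).
SAMPLE_EVENTS = (
    [(t, "192.0.2.10", "low") for t in range(0, 600, 100)]        # 6 hits, low MX only
    + [(0, "198.51.100.7", "high"),                               # sender that tries the
       (10, "198.51.100.7", "low"), (20, "198.51.100.7", "low")]  # servers in sequence
    + [(0, "203.0.113.5", "high")]                                # 1 high hit, then
    + [(t, "203.0.113.5", "low") for t in range(100, 1300, 100)]  # 12 low hits
)

if __name__ == "__main__":
    print("ratio rule :", sorted(ratio_verdicts(SAMPLE_EVENTS)))
    print("window rule:", sorted(window_verdicts(SAMPLE_EVENTS)))
```

On this sample the sender that falls back in sequence is spared by both rules, while the host with one high-priority hit followed by twelve low-priority hits is caught only by the ratio rule, because all of its low-priority hits land inside the grace window.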