
186724 Re: Possible SPAM mitigation trick

  • Nathanael Hoyle
    Nov 22, 2005
      Wietse Venema wrote:
      > Nathanael Hoyle:
      >
      >>mouss wrote:
      >>
      >>>Nathanael Hoyle wrote:
      >>>
      >>>
      >>>>I liked Jorey's idea enough to give it a shot. Actually implemented it
      >>>>yesterday. I debated about having the 'dead' MX host point at a system
      >>>>which dropped the requests but logged them (via iptables or similar),
      >>>>not so much to see how much legitimate email made it through (which
      >>>>seems to be pretty much all of it so far), but to see how much nasty
      >>>>traffic hit the primary 'dead' host that failed to retry on the second.
      >>>> For now, I have gone with a somewhat different approach. I actually
      >>>>have the primary MX listed as an IP that is a network boundary (and
      >>>>therefore flatly unusable),
      >>>
      >>>what do you mean here?
      >>
      >>The IP is a network boundary address. i.e., if it were a class C
      >>network (/24), the address would be x.x.x.0, rather than 1-254 or
      >>broadcast (255). Because this IP refers to the *network* rather than a
      >>host therein, it cannot actually be assigned to a host. This means I
      >
      >
      > Oh yes it can.
      >
      > Your broadcast address is meaningful only for hosts on your subnet.
      >
      > Your broadcast address has no meaning for hosts on other subnets.
      >
      > Assign your broadcast address to an MX host record, and clients will
      > experience TCP timeout waits just as if they connect to a host that
      > is turned off.
      >
      > Wietse

      If you would please note, I used the bottom end network boundary, not
      the top-end broadcast address. To my understanding, this would be
      accurate in describing broadcast address behavior, but not network
      boundary address behavior. Would this in fact still apply for, for
      instance, the .0 address in a class C?

      --
      Nathanael Hoyle
      Systems and Networking
      Speed Express Networks, LLC
      nhoyle@...
      432.837.2811
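
Added example, not part of the original message: the measurement described above (how much traffic hits a logging 'dead' primary MX and never retries on the second), worked over constructed logs. The `MXDEAD` iptables log prefix, the host names and all addresses are assumptions; the second log uses Postfix smtpd "connect from" lines.

```python
import re
from collections import Counter

# Constructed sample data. "MXDEAD" is a hypothetical iptables --log-prefix
# and 192.0.2.10 a hypothetical logging 'dead' primary MX.
DEAD_MX_LOG = """\
Nov 22 10:00:01 gw kernel: MXDEAD IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=25 SYN
Nov 22 10:00:09 gw kernel: MXDEAD IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=1025 DPT=25 SYN
Nov 22 10:00:12 gw kernel: MXDEAD IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=1026 DPT=25 SYN
Nov 22 10:02:40 gw kernel: MXDEAD IN=eth0 OUT= SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=3310 DPT=25 SYN
"""
# Constructed Postfix smtpd log from the working secondary MX.
SMTPD_LOG = """\
Nov 22 10:00:31 mx2 postfix/smtpd[2101]: connect from mail.example.org[198.51.100.7]
Nov 22 10:01:05 mx2 postfix/smtpd[2104]: connect from unknown[198.51.100.80]
"""

# Source address of each logged SYN to port 25 on the dead MX.
DEAD_RE = re.compile(r"MXDEAD .*?\bSRC=(\S+) .*?\bDPT=25\b")
# Client address from each smtpd "connect from name[addr]" line.
SMTPD_RE = re.compile(r"postfix/smtpd\[\d+\]: connect from \S+\[([0-9A-Fa-f.:]+)\]")


def retry_report(dead_log, smtpd_log):
    """Compare who knocked on the dead MX with who reached the working one."""
    dead_hits = Counter(m.group(1) for m in DEAD_RE.finditer(dead_log))
    reached = {m.group(1) for m in SMTPD_RE.finditer(smtpd_log)}
    return {
        # Tried the dead primary, then fell back to the next MX.
        "retried": sorted(ip for ip in dead_hits if ip in reached),
        # Tried the dead primary only; value is the number of attempts.
        "never_retried": {ip: n for ip, n in dead_hits.items() if ip not in reached},
        # Went to the working MX without touching the primary at all.
        "skipped_dead_mx": sorted(reached - set(dead_hits)),
    }


if __name__ == "__main__":
    for key, value in retry_report(DEAD_MX_LOG, SMTPD_LOG).items():
        print(f"{key}: {value}")
```

The comparison is by source IP only and ignores timing, so a sender that retries from a different address is counted as never retrying.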