186724 Re: Possible SPAM mitigation trick
Nov 22, 2005

Wietse Venema wrote:
> Nathanael Hoyle:
>>>Nathanael Hoyle wrote:
>>>>I liked Jorey's idea enough to give it a shot. Actually implemented it
>>>>yesterday. I debated about having the 'dead' MX host point at a system
>>>>which dropped the requests but logged them (via iptables or similar),
>>>>not so much to see how much legitimate email made it through (which
>>>>seems to be pretty much all of it so far), but to see how much nasty
>>>>traffic hit the primary 'dead' host that failed to retry on the second.
>>>> For now, I have gone with a somewhat different approach. I actually
>>>>have the primary MX listed as an IP that is a network boundary (and
>>>>therefore flatly unusable),
>>>what do you mean here?
>>The IP is a network boundary address, i.e., if it were a class C
>>network (/24), the address would be x.x.x.0, rather than 1-254 or
>>broadcast (255). Because this IP refers to the *network* rather than a
>>host therein, it cannot actually be assigned to a host. This means I
> Oh yes it can.
> Your broadcast address is meaningful only for hosts on your subnet.
> Your broadcast address has no meaning for hosts on other subnets.
> Assign your broadcast address to an MX host record, and clients will
> experience TCP timeout waits just as if they connect to a host that
> is turned off.

If you would please note, I used the bottom end network boundary, not
the top-end broadcast address. To my understanding, this would be
accurate in describing broadcast address behavior, but not network
boundary address behavior. Would this in fact still apply for, for
instance, the .0 address in a class C?
Systems and Networking
Speed Express Networks, LLC