Re: Possible MX Lookup/Ordering Issue
> I can paste the logs, but since they aren't debug level logs (only normalWe don't need no steenkeeng debug logs at this point. The
> /var/log/maillog), they are unlikely to help in tracking down the problem.
> But if there's a debug parameter you want me to reconfigure postfix with
> to get some more detailed logs, I'm more than happy to add it and report
normal logging show exactly which IP addresses the SMTP
client tries to connect to.
You may obfuscate the recipient (as long as you give the domain
name in the text) but please do not remove process ID, time
stamp or other information.
- On Thu, 1 Nov 2007, mouss wrote:
> gordan@... wrote:Sure - but I've tested this across different networks and different
>> On Thu, 1 Nov 2007, mouss wrote:
>>> this does not prove that using 10 records significantly reduces the spam
>>> received on the real MXes. This only shows the dsitribution of spam
>>> attempts when using 10 records.
>> Sure - but unless spam that went to MX10 then went and tried MX2, the
>> spam wasn't delivered to MX2.
> As Jorey said, it's not like there is a finite quantity of spam to be
> distributed among MXes. I have domains that receive 0 spam (and they
> have an MX). BTW. I also see smtp attempts to machines that are not
> listed as MX for any domain.
domains. There is always the dominant shape of the curve: disproportionate
number of connections on the 1st nth, n-1 and n-2 MX records (where n is
the number of MX-es).
>>> the experiment would be:It worked so well that I never bothered gathering any stats. But I guess I
>>> test 1: with only 2 records, what amount of spam is targetting the real
>>> MX. do this for some period of time (so that there are actually many bot
>>> test 2: do the same test with 10 records.
>>> if the amount of spam (on the "real" MX) in test 2 is significantly
>>> lower than in test 1, then 10 records would be useful. otherwise, you
>>> are just putting more honey for the flies.
>> The difference is extremely signifficant. It is also signifficant
>> between 3 and 5 MX-es, although it gets less measurable when going from
>> 10 upward.
> you did not show actual numbers for this.
could go through my spam folder and put some numbers to it when I have a
>>> No. see above. you are comparing numbers in a single setup. you are notBecause there is still a measurable drop, and it isn't exactly an
>>> comparing different setups (different number of records).
>> Yes I was. I tested with increasing numbers of MX records and the amount
>> of spam reduced. You do get into diminishing returns (statistically, 10
>> gets around 90% of it away, going from 10 to 100 only reduces it by
>> another 9%), so usually I don't bother with more than about 15. The
>> drop-off is actually better than linear because spammers seem to target
>> the 1st highest and 3 lowest MX-es, so adding more in the middle just
>> dilutes the ones that target a random MX.
> If they target 1st and last 3, then why 10 instead of 5?
>> You could, of course, just try it yourself for some figures you canYou'll need some quite spam-heavy unused domains to gather the statistics
>> trust. :-)
> I suspect there may be broken MTAs out there, so I keep myself under the
> 2 MX limit to avoid any risk on "real" domains. but I may test this on
> domains unused in email.