Loading ...
Sorry, an error occurred while loading the content.

Re: Possible MX Lookup/Ordering Issue

Expand Messages
  • Jorey Bump
    ... You might want to explain what you re trying to accomplish with your multiple MX records. This list is ridiculously long, and the TTLs are far to high for
    Message 1 of 44 , Nov 1, 2007
    • 0 Attachment
      gordan@... wrote, at 11/01/2007 09:56 AM:

      > The MTA should try the MX-es in the correct order, regardless of whether
      > the Additional section contains the high priority MX information or not.
      > If that takes a second look-up specifically for the high priority MX, so
      > be it.

      You might want to explain what you're trying to accomplish with your
      multiple MX records. This list is ridiculously long, and the TTLs are
      far to high for an experiment. It's hard to look at the results of this
      query and jump to the conclusion that Postfix is at fault:

      $ dig mx bobich.net
      ;; Truncated, retrying in TCP mode.

      ; <<>> DiG 9.3.4-P1 <<>> mx bobich.net
      ;; global options: printcmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24305
      ;; flags: qr rd ra; QUERY: 1, ANSWER: 65, AUTHORITY: 2, ADDITIONAL: 4

      ;; QUESTION SECTION:
      ;bobich.net. IN MX

      ;; ANSWER SECTION:
      bobich.net. 86287 IN MX 294
      mail294.shatteredsilicon.net.
      bobich.net. 86287 IN MX 295
      mail295.shatteredsilicon.net.
      bobich.net. 86287 IN MX 296
      mail296.shatteredsilicon.net.
      bobich.net. 86287 IN MX 20
      mail2.shatteredsilicon.net.
      bobich.net. 86287 IN MX 30
      mail3.shatteredsilicon.net.
      bobich.net. 86287 IN MX 40
      mail4.shatteredsilicon.net.
      bobich.net. 86287 IN MX 50
      mail5.shatteredsilicon.net.
      bobich.net. 86287 IN MX 60
      mail6.shatteredsilicon.net.
      bobich.net. 86287 IN MX 104
      mail104.shatteredsilicon.net.
      bobich.net. 86287 IN MX 105
      mail105.shatteredsilicon.net.
      bobich.net. 86287 IN MX 106
      mail106.shatteredsilicon.net.
      bobich.net. 86287 IN MX 114
      mail114.shatteredsilicon.net.
      bobich.net. 86287 IN MX 115
      mail115.shatteredsilicon.net.
      bobich.net. 86287 IN MX 116
      mail116.shatteredsilicon.net.
      bobich.net. 86287 IN MX 124
      mail124.shatteredsilicon.net.
      bobich.net. 86287 IN MX 125
      mail125.shatteredsilicon.net.
      bobich.net. 86287 IN MX 126
      mail126.shatteredsilicon.net.
      bobich.net. 86287 IN MX 134
      mail134.shatteredsilicon.net.
      bobich.net. 86287 IN MX 135
      mail135.shatteredsilicon.net.
      bobich.net. 86287 IN MX 136
      mail136.shatteredsilicon.net.
      bobich.net. 86287 IN MX 144
      mail144.shatteredsilicon.net.
      bobich.net. 86287 IN MX 145
      mail145.shatteredsilicon.net.
      bobich.net. 86287 IN MX 146
      mail146.shatteredsilicon.net.
      bobich.net. 86287 IN MX 154
      mail154.shatteredsilicon.net.
      bobich.net. 86287 IN MX 155
      mail155.shatteredsilicon.net.
      bobich.net. 86287 IN MX 156
      mail156.shatteredsilicon.net.
      bobich.net. 86287 IN MX 164
      mail164.shatteredsilicon.net.
      bobich.net. 86287 IN MX 165
      mail165.shatteredsilicon.net.
      bobich.net. 86287 IN MX 166
      mail166.shatteredsilicon.net.
      bobich.net. 86287 IN MX 174
      mail174.shatteredsilicon.net.
      bobich.net. 86287 IN MX 175
      mail175.shatteredsilicon.net.
      bobich.net. 86287 IN MX 176
      mail176.shatteredsilicon.net.
      bobich.net. 86287 IN MX 184
      mail184.shatteredsilicon.net.
      bobich.net. 86287 IN MX 185
      mail185.shatteredsilicon.net.
      bobich.net. 86287 IN MX 186
      mail186.shatteredsilicon.net.
      bobich.net. 86287 IN MX 194
      mail194.shatteredsilicon.net.
      bobich.net. 86287 IN MX 195
      mail195.shatteredsilicon.net.
      bobich.net. 86287 IN MX 196
      mail196.shatteredsilicon.net.
      bobich.net. 86287 IN MX 204
      mail204.shatteredsilicon.net.
      bobich.net. 86287 IN MX 205
      mail205.shatteredsilicon.net.
      bobich.net. 86287 IN MX 206
      mail206.shatteredsilicon.net.
      bobich.net. 86287 IN MX 214
      mail214.shatteredsilicon.net.
      bobich.net. 86287 IN MX 215
      mail215.shatteredsilicon.net.
      bobich.net. 86287 IN MX 216
      mail216.shatteredsilicon.net.
      bobich.net. 86287 IN MX 224
      mail224.shatteredsilicon.net.
      bobich.net. 86287 IN MX 225
      mail225.shatteredsilicon.net.
      bobich.net. 86287 IN MX 226
      mail226.shatteredsilicon.net.
      bobich.net. 86287 IN MX 234
      mail234.shatteredsilicon.net.
      bobich.net. 86287 IN MX 235
      mail235.shatteredsilicon.net.
      bobich.net. 86287 IN MX 236
      mail236.shatteredsilicon.net.
      bobich.net. 86287 IN MX 244
      mail244.shatteredsilicon.net.
      bobich.net. 86287 IN MX 245
      mail245.shatteredsilicon.net.
      bobich.net. 86287 IN MX 246
      mail246.shatteredsilicon.net.
      bobich.net. 86287 IN MX 254
      mail254.shatteredsilicon.net.
      bobich.net. 86287 IN MX 255
      mail255.shatteredsilicon.net.
      bobich.net. 86287 IN MX 256
      mail256.shatteredsilicon.net.
      bobich.net. 86287 IN MX 264
      mail264.shatteredsilicon.net.
      bobich.net. 86287 IN MX 265
      mail265.shatteredsilicon.net.
      bobich.net. 86287 IN MX 266
      mail266.shatteredsilicon.net.
      bobich.net. 86287 IN MX 274
      mail274.shatteredsilicon.net.
      bobich.net. 86287 IN MX 275
      mail275.shatteredsilicon.net.
      bobich.net. 86287 IN MX 276
      mail276.shatteredsilicon.net.
      bobich.net. 86287 IN MX 284
      mail284.shatteredsilicon.net.
      bobich.net. 86287 IN MX 285
      mail285.shatteredsilicon.net.
      bobich.net. 86287 IN MX 286
      mail286.shatteredsilicon.net.

      ;; AUTHORITY SECTION:
      bobich.net. 86287 IN NS ns2.tildeslashdot.co.uk.
      bobich.net. 86287 IN NS ns1.tildeslashdot.co.uk.

      ;; ADDITIONAL SECTION:
      mail2.shatteredsilicon.net. 86324 IN A 217.79.103.2
      mail3.shatteredsilicon.net. 86333 IN A 217.79.103.3
      ns1.tildeslashdot.co.uk. 86287 IN A 217.79.103.2
      ns2.tildeslashdot.co.uk. 86287 IN A 64.239.2.143

      ;; Query time: 8 msec
      ;; SERVER: 192.168.1.3#53(192.168.1.3)
      ;; WHEN: Thu Nov 1 10:09:35 2007
      ;; MSG SIZE rcvd: 1714
    • gordan@bobich.net
      ... Sure - but I ve tested this across different networks and different domains. There is always the dominant shape of the curve: disproportionate number of
      Message 44 of 44 , Nov 1, 2007
      • 0 Attachment
        On Thu, 1 Nov 2007, mouss wrote:

        > gordan@... wrote:
        >> On Thu, 1 Nov 2007, mouss wrote:
        >>> this does not prove that using 10 records significantly reduces the spam
        >>> received on the real MXes. This only shows the dsitribution of spam
        >>> attempts when using 10 records.
        >>
        >> Sure - but unless spam that went to MX10 then went and tried MX2, the
        >> spam wasn't delivered to MX2.
        >>
        >
        > As Jorey said, it's not like there is a finite quantity of spam to be
        > distributed among MXes. I have domains that receive 0 spam (and they
        > have an MX). BTW. I also see smtp attempts to machines that are not
        > listed as MX for any domain.

        Sure - but I've tested this across different networks and different
        domains. There is always the dominant shape of the curve: disproportionate
        number of connections on the 1st nth, n-1 and n-2 MX records (where n is
        the number of MX-es).

        >>> the experiment would be:
        >>>
        >>> test 1: with only 2 records, what amount of spam is targetting the real
        >>> MX. do this for some period of time (so that there are actually many bot
        >>> runs).
        >>>
        >>> test 2: do the same test with 10 records.
        >>>
        >>> if the amount of spam (on the "real" MX) in test 2 is significantly
        >>> lower than in test 1, then 10 records would be useful. otherwise, you
        >>> are just putting more honey for the flies.
        >>
        >> The difference is extremely signifficant. It is also signifficant
        >> between 3 and 5 MX-es, although it gets less measurable when going from
        >> 10 upward.
        >
        > you did not show actual numbers for this.

        It worked so well that I never bothered gathering any stats. But I guess I
        could go through my spam folder and put some numbers to it when I have a
        moment.

        >>> No. see above. you are comparing numbers in a single setup. you are not
        >>> comparing different setups (different number of records).
        >>
        >> Yes I was. I tested with increasing numbers of MX records and the amount
        >> of spam reduced. You do get into diminishing returns (statistically, 10
        >> gets around 90% of it away, going from 10 to 100 only reduces it by
        >> another 9%), so usually I don't bother with more than about 15. The
        >> drop-off is actually better than linear because spammers seem to target
        >> the 1st highest and 3 lowest MX-es, so adding more in the middle just
        >> dilutes the ones that target a random MX.
        >>
        >
        > If they target 1st and last 3, then why 10 instead of 5?

        Because there is still a measurable drop, and it isn't exactly an
        expensive solution.

        >> You could, of course, just try it yourself for some figures you can
        >> trust. :-)
        >
        > I suspect there may be broken MTAs out there, so I keep myself under the
        > 2 MX limit to avoid any risk on "real" domains. but I may test this on
        > domains unused in email.

        You'll need some quite spam-heavy unused domains to gather the statistics
        quickly enough.

        Gordan
      Your message has been successfully submitted and would be delivered to recipients shortly.