- gordan@... wrote, at 11/01/2007 09:56 AM:

> The MTA should try the MX-es in the correct order, regardless of whether

You might want to explain what you're trying to accomplish with your

> the Additional section contains the high priority MX information or not.

> If that takes a second look-up specifically for the high priority MX, so

> be it.

multiple MX records. This list is ridiculously long, and the TTLs are

far to high for an experiment. It's hard to look at the results of this

query and jump to the conclusion that Postfix is at fault:

$ dig mx bobich.net

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.3.4-P1 <<>> mx bobich.net

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24305

;; flags: qr rd ra; QUERY: 1, ANSWER: 65, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:

;bobich.net. IN MX

;; ANSWER SECTION:

bobich.net. 86287 IN MX 294

mail294.shatteredsilicon.net.

bobich.net. 86287 IN MX 295

mail295.shatteredsilicon.net.

bobich.net. 86287 IN MX 296

mail296.shatteredsilicon.net.

bobich.net. 86287 IN MX 20

mail2.shatteredsilicon.net.

bobich.net. 86287 IN MX 30

mail3.shatteredsilicon.net.

bobich.net. 86287 IN MX 40

mail4.shatteredsilicon.net.

bobich.net. 86287 IN MX 50

mail5.shatteredsilicon.net.

bobich.net. 86287 IN MX 60

mail6.shatteredsilicon.net.

bobich.net. 86287 IN MX 104

mail104.shatteredsilicon.net.

bobich.net. 86287 IN MX 105

mail105.shatteredsilicon.net.

bobich.net. 86287 IN MX 106

mail106.shatteredsilicon.net.

bobich.net. 86287 IN MX 114

mail114.shatteredsilicon.net.

bobich.net. 86287 IN MX 115

mail115.shatteredsilicon.net.

bobich.net. 86287 IN MX 116

mail116.shatteredsilicon.net.

bobich.net. 86287 IN MX 124

mail124.shatteredsilicon.net.

bobich.net. 86287 IN MX 125

mail125.shatteredsilicon.net.

bobich.net. 86287 IN MX 126

mail126.shatteredsilicon.net.

bobich.net. 86287 IN MX 134

mail134.shatteredsilicon.net.

bobich.net. 86287 IN MX 135

mail135.shatteredsilicon.net.

bobich.net. 86287 IN MX 136

mail136.shatteredsilicon.net.

bobich.net. 86287 IN MX 144

mail144.shatteredsilicon.net.

bobich.net. 86287 IN MX 145

mail145.shatteredsilicon.net.

bobich.net. 86287 IN MX 146

mail146.shatteredsilicon.net.

bobich.net. 86287 IN MX 154

mail154.shatteredsilicon.net.

bobich.net. 86287 IN MX 155

mail155.shatteredsilicon.net.

bobich.net. 86287 IN MX 156

mail156.shatteredsilicon.net.

bobich.net. 86287 IN MX 164

mail164.shatteredsilicon.net.

bobich.net. 86287 IN MX 165

mail165.shatteredsilicon.net.

bobich.net. 86287 IN MX 166

mail166.shatteredsilicon.net.

bobich.net. 86287 IN MX 174

mail174.shatteredsilicon.net.

bobich.net. 86287 IN MX 175

mail175.shatteredsilicon.net.

bobich.net. 86287 IN MX 176

mail176.shatteredsilicon.net.

bobich.net. 86287 IN MX 184

mail184.shatteredsilicon.net.

bobich.net. 86287 IN MX 185

mail185.shatteredsilicon.net.

bobich.net. 86287 IN MX 186

mail186.shatteredsilicon.net.

bobich.net. 86287 IN MX 194

mail194.shatteredsilicon.net.

bobich.net. 86287 IN MX 195

mail195.shatteredsilicon.net.

bobich.net. 86287 IN MX 196

mail196.shatteredsilicon.net.

bobich.net. 86287 IN MX 204

mail204.shatteredsilicon.net.

bobich.net. 86287 IN MX 205

mail205.shatteredsilicon.net.

bobich.net. 86287 IN MX 206

mail206.shatteredsilicon.net.

bobich.net. 86287 IN MX 214

mail214.shatteredsilicon.net.

bobich.net. 86287 IN MX 215

mail215.shatteredsilicon.net.

bobich.net. 86287 IN MX 216

mail216.shatteredsilicon.net.

bobich.net. 86287 IN MX 224

mail224.shatteredsilicon.net.

bobich.net. 86287 IN MX 225

mail225.shatteredsilicon.net.

bobich.net. 86287 IN MX 226

mail226.shatteredsilicon.net.

bobich.net. 86287 IN MX 234

mail234.shatteredsilicon.net.

bobich.net. 86287 IN MX 235

mail235.shatteredsilicon.net.

bobich.net. 86287 IN MX 236

mail236.shatteredsilicon.net.

bobich.net. 86287 IN MX 244

mail244.shatteredsilicon.net.

bobich.net. 86287 IN MX 245

mail245.shatteredsilicon.net.

bobich.net. 86287 IN MX 246

mail246.shatteredsilicon.net.

bobich.net. 86287 IN MX 254

mail254.shatteredsilicon.net.

bobich.net. 86287 IN MX 255

mail255.shatteredsilicon.net.

bobich.net. 86287 IN MX 256

mail256.shatteredsilicon.net.

bobich.net. 86287 IN MX 264

mail264.shatteredsilicon.net.

bobich.net. 86287 IN MX 265

mail265.shatteredsilicon.net.

bobich.net. 86287 IN MX 266

mail266.shatteredsilicon.net.

bobich.net. 86287 IN MX 274

mail274.shatteredsilicon.net.

bobich.net. 86287 IN MX 275

mail275.shatteredsilicon.net.

bobich.net. 86287 IN MX 276

mail276.shatteredsilicon.net.

bobich.net. 86287 IN MX 284

mail284.shatteredsilicon.net.

bobich.net. 86287 IN MX 285

mail285.shatteredsilicon.net.

bobich.net. 86287 IN MX 286

mail286.shatteredsilicon.net.

;; AUTHORITY SECTION:

bobich.net. 86287 IN NS ns2.tildeslashdot.co.uk.

bobich.net. 86287 IN NS ns1.tildeslashdot.co.uk.

;; ADDITIONAL SECTION:

mail2.shatteredsilicon.net. 86324 IN A 217.79.103.2

mail3.shatteredsilicon.net. 86333 IN A 217.79.103.3

ns1.tildeslashdot.co.uk. 86287 IN A 217.79.103.2

ns2.tildeslashdot.co.uk. 86287 IN A 64.239.2.143

;; Query time: 8 msec

;; SERVER: 192.168.1.3#53(192.168.1.3)

;; WHEN: Thu Nov 1 10:09:35 2007

;; MSG SIZE rcvd: 1714 - On Thu, 1 Nov 2007, mouss wrote:

> gordan@... wrote:

Sure - but I've tested this across different networks and different

>> On Thu, 1 Nov 2007, mouss wrote:

>>> this does not prove that using 10 records significantly reduces the spam

>>> received on the real MXes. This only shows the dsitribution of spam

>>> attempts when using 10 records.

>>

>> Sure - but unless spam that went to MX10 then went and tried MX2, the

>> spam wasn't delivered to MX2.

>>

>

> As Jorey said, it's not like there is a finite quantity of spam to be

> distributed among MXes. I have domains that receive 0 spam (and they

> have an MX). BTW. I also see smtp attempts to machines that are not

> listed as MX for any domain.

domains. There is always the dominant shape of the curve: disproportionate

number of connections on the 1st nth, n-1 and n-2 MX records (where n is

the number of MX-es).

>>> the experiment would be:

It worked so well that I never bothered gathering any stats. But I guess I

>>>

>>> test 1: with only 2 records, what amount of spam is targetting the real

>>> MX. do this for some period of time (so that there are actually many bot

>>> runs).

>>>

>>> test 2: do the same test with 10 records.

>>>

>>> if the amount of spam (on the "real" MX) in test 2 is significantly

>>> lower than in test 1, then 10 records would be useful. otherwise, you

>>> are just putting more honey for the flies.

>>

>> The difference is extremely signifficant. It is also signifficant

>> between 3 and 5 MX-es, although it gets less measurable when going from

>> 10 upward.

>

> you did not show actual numbers for this.

could go through my spam folder and put some numbers to it when I have a

moment.

>>> No. see above. you are comparing numbers in a single setup. you are not

Because there is still a measurable drop, and it isn't exactly an

>>> comparing different setups (different number of records).

>>

>> Yes I was. I tested with increasing numbers of MX records and the amount

>> of spam reduced. You do get into diminishing returns (statistically, 10

>> gets around 90% of it away, going from 10 to 100 only reduces it by

>> another 9%), so usually I don't bother with more than about 15. The

>> drop-off is actually better than linear because spammers seem to target

>> the 1st highest and 3 lowest MX-es, so adding more in the middle just

>> dilutes the ones that target a random MX.

>>

>

> If they target 1st and last 3, then why 10 instead of 5?

expensive solution.

>> You could, of course, just try it yourself for some figures you can

You'll need some quite spam-heavy unused domains to gather the statistics

>> trust. :-)

>

> I suspect there may be broken MTAs out there, so I keep myself under the

> 2 MX limit to avoid any risk on "real" domains. but I may test this on

> domains unused in email.

quickly enough.

Gordan