Re: Possible MX Lookup/Ordering Issue
- On Thu, 1 Nov 2007, Wietse Venema wrote:
> gordan@...:Sure - but if the top two were tried in the correct order, this problem
>> Sure - and I've gone one better and hidden my real MX somewhere between
>> the rejecting ones at the top (which leads to immediate retries to the
>> next MX down, which may or may not do the same thing), and the tarpitting
>> ones at the bottom. And even if a valid MTA gets to the bottom ones
>> through a minor network outage, it'll still eventually time out and roll
>> over to retry from the top after a little while.
> The RFC does not require that an SMTP client tries every MX host.
> It only requires two. If you list lots of non-responding MX hosts
> then you can expect interoperability problems.
wouldn't have happened, and if I saw it give up after two, I'd not be
asking why it started at the 16th and didn't go from there for 5 hours.
> Postfix will not connect to all MX hosts, because that is a wayGreat! So I won't tarpit any postfix machines, then. :-)
> for bad guys to DOS a server.
But as I said, that's not the problem here.
- On Thu, 1 Nov 2007, mouss wrote:
> gordan@... wrote:Sure - but I've tested this across different networks and different
>> On Thu, 1 Nov 2007, mouss wrote:
>>> this does not prove that using 10 records significantly reduces the spam
>>> received on the real MXes. This only shows the dsitribution of spam
>>> attempts when using 10 records.
>> Sure - but unless spam that went to MX10 then went and tried MX2, the
>> spam wasn't delivered to MX2.
> As Jorey said, it's not like there is a finite quantity of spam to be
> distributed among MXes. I have domains that receive 0 spam (and they
> have an MX). BTW. I also see smtp attempts to machines that are not
> listed as MX for any domain.
domains. There is always the dominant shape of the curve: disproportionate
number of connections on the 1st nth, n-1 and n-2 MX records (where n is
the number of MX-es).
>>> the experiment would be:It worked so well that I never bothered gathering any stats. But I guess I
>>> test 1: with only 2 records, what amount of spam is targetting the real
>>> MX. do this for some period of time (so that there are actually many bot
>>> test 2: do the same test with 10 records.
>>> if the amount of spam (on the "real" MX) in test 2 is significantly
>>> lower than in test 1, then 10 records would be useful. otherwise, you
>>> are just putting more honey for the flies.
>> The difference is extremely signifficant. It is also signifficant
>> between 3 and 5 MX-es, although it gets less measurable when going from
>> 10 upward.
> you did not show actual numbers for this.
could go through my spam folder and put some numbers to it when I have a
>>> No. see above. you are comparing numbers in a single setup. you are notBecause there is still a measurable drop, and it isn't exactly an
>>> comparing different setups (different number of records).
>> Yes I was. I tested with increasing numbers of MX records and the amount
>> of spam reduced. You do get into diminishing returns (statistically, 10
>> gets around 90% of it away, going from 10 to 100 only reduces it by
>> another 9%), so usually I don't bother with more than about 15. The
>> drop-off is actually better than linear because spammers seem to target
>> the 1st highest and 3 lowest MX-es, so adding more in the middle just
>> dilutes the ones that target a random MX.
> If they target 1st and last 3, then why 10 instead of 5?
>> You could, of course, just try it yourself for some figures you canYou'll need some quite spam-heavy unused domains to gather the statistics
>> trust. :-)
> I suspect there may be broken MTAs out there, so I keep myself under the
> 2 MX limit to avoid any risk on "real" domains. but I may test this on
> domains unused in email.