Re: [exim] Am I an open relay or aren't I?

Author: Alun
Date:  
To: exim-users
Subject: Re: [exim] Am I an open relay or aren't I?
Ian Eiloart <iane@???> said, in message
D01A5F8DE52A40AABB0645C1@???:

>
> > I've been meaning to do something like this for a while. The
> > corollary would be, after moving the IP, to firewall the old IP and
> > watch the firewall logs. Anyone hitting the old IP (after some
> > reasonable grace period)
>
> Is that grace period different from the DNS TTL?


Probably not, but I think I'd give it the DNS TTL plus some value, just to
be sure.

I've been looking at what's been blocked. Once I take away the 90% that
are obviously home connections or which don't have reverse lookups, I'm
left with some very strange results. For example, the following have
all attempted to connect to A records for aber.ac.uk:

mailgate.brentwoodhousingtrust.co.uk
- port 25 has Microsoft ESMTP MAIL Service Version: 5.0.2195.6713
hasn't connected to any of our inbound servers

mail-kr.bigfoot.com
- LiteMail v3.03
has connected to our inbound servers too

mail-relay8.elsevier.co.uk
- MAILsweeper ESMTP Receiver Version 4.3.17.0
has connected to our inbound servers too

mail.sihe.ac.uk
- Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830
has connected to our inbound servers too

It's fairly obvious that these are genuine outbound mail servers, but I'm
very confused as to why they're doing it. We use greylisting, so for the latter
three I guess it could be that they've tried the MX record, hit our
greylisting and are now failing back to the A record. Would this be
valid behaviour?

Cheers,
Alun.

-- 
Alun Jones                       auj@???
Systems Support,                 (01970) 62 2494
Information Services,
University of Wales, Aberystwyth
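
The triage described in the message above (drop sources with no reverse lookup or a home-connection PTR, then check whether the rest have also reached the inbound servers), as an added example that is not part of the original post. The log format, the `OLDIP-DROP` prefix, the PTR table, the `SEEN_ON_MX` set and the residential-name heuristic are all constructed assumptions; a live run would resolve PTR records through DNS and read the MX hosts' own logs.

```python
import re
from collections import Counter

# Constructed iptables-style lines for drops on the retired IP.
FIREWALL_LOG = """\
Mar  1 10:00:01 fw kernel: OLDIP-DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=25
Mar  1 10:00:07 fw kernel: OLDIP-DROP IN=eth0 SRC=198.51.100.77 DST=203.0.113.5 PROTO=TCP DPT=25
Mar  1 10:02:13 fw kernel: OLDIP-DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=25
Mar  1 10:05:40 fw kernel: OLDIP-DROP IN=eth0 SRC=198.51.100.20 DST=203.0.113.5 PROTO=TCP DPT=25
Mar  1 10:09:02 fw kernel: OLDIP-DROP IN=eth0 SRC=192.0.2.99 DST=203.0.113.5 PROTO=TCP DPT=25
Mar  1 10:11:30 fw kernel: OLDIP-DROP IN=eth0 SRC=192.0.2.10 DST=203.0.113.5 PROTO=TCP DPT=80
"""
# Constructed reverse-lookup results (stand-in for live PTR queries).
PTR = {
    "192.0.2.10": "mail-relay.example.org",
    "198.51.100.77": "host-77.dsl.dynamic.example.net",
    "198.51.100.20": "mx1.example.com",
}
# Constructed set of peers already seen in the inbound MX servers' logs.
SEEN_ON_MX = {"192.0.2.10"}
# Heuristic (assumption): PTR substrings that usually mean a home connection.
RESIDENTIAL = re.compile(r"(dsl|dyn|dynamic|dhcp|pool|cable|ppp|dialup)", re.I)
LINE = re.compile(r"OLDIP-DROP .*?SRC=(\S+) .*?DPT=(\d+)")

def smtp_hits(log):
    """Count dropped connection attempts to port 25 per source IP."""
    hits = Counter()
    for line in log.splitlines():
        m = LINE.search(line)
        if m and m.group(2) == "25":
            hits[m.group(1)] += 1
    return hits

def triage(log, ptr, seen_on_mx):
    """Bucket each source as no_ptr, residential, or likely mail server."""
    report = {"no_ptr": [], "residential": [], "mail_server": []}
    for ip, count in sorted(smtp_hits(log).items()):
        name = ptr.get(ip)
        if name is None:
            report["no_ptr"].append(ip)
        elif RESIDENTIAL.search(name):
            report["residential"].append(ip)
        else:
            # Last field: also seen on the MX hosts, i.e. consistent with
            # a sender that tried the MX first and then the A record.
            report["mail_server"].append((ip, name, count, ip in seen_on_mx))
    return report

if __name__ == "__main__":
    print(triage(FIREWALL_LOG, PTR, SEEN_ON_MX))
```

Entries in `mail_server` whose last field is `False` never reached the MX hosts, which matches the first case in the message and is worth following up with the sending site.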