Re: [exim] An interesting observation about spam zombies

Author: Graeme Fowler
To: exim-users
Subject: Re: [exim] An interesting observation about spam zombies
On Wed, 2007-08-29 at 14:42 -0700, Marc Perkel wrote:
> Keep in mind Phil that these are fake high numbers MX records that
> normal server never access even if they are correct. So if you add in
> the expired fake MX factor then it starts getting pretty safe.

I refer the honourable gentleman to my previous statement, glib as it
may have seemed, about black sheep.

Unfortunately, Marc, you simply *cannot* state that:

"these are fake high numbers MX records that normal server never access
even if they are correct"

unless you control both the "normal server" (sic) in question and the
"fake" MX; and can absolutely guarantee that no transient network
condition between that server and your systems can cause a failure to
connect to your other MX servers.

Sure, you have a high probability (and it may approach 1 in most cases)
that "normal" servers won't connect to your "fake" MX, but you *cannot
guarantee it*. That's the rub - if your customers are happy with the
vanishing probability that a remote system, through no fault of its
own, could end up blacklisted because you're automating this stuff, then
that's fine. If, however, you drop, reject, blackhole or otherwise send
AWOL a time-critical [0] message destined to one of your customers and
cause, ooh, a business deadline to be missed, then you'd best be
prepared for several long talks with your lawyer.

If I were you, I'd do my best to put a human between the connection
attempts and the actual blacklisting, or at the very least make sure you
see several (how many is up to you) connections before plonking any
address space on a BL.

[0] I know, SMTP is a store-and-forward, best efforts protocol. We all
know that. Too bad that the end users seem to think that it's an
instantaneous, guaranteed delivery method for critical documents :(

Overall, technical issues aside (RR or Zone TTLs not being honoured
being the main one) I think it's a reasonable idea, given the caveats
described by myself and others. It needs work, in my opinion, but it
could be a reasonable assistant to other technologies.
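
The following is an added example, not part of the original message or of Exim: a sketch of the "see several connections, then put a human in the loop" approach suggested above. The log format, the thresholds and the function name `review_candidates` are assumptions made for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log of connections to the decoy MX (not real data).
# Assumed format for this example: "<ISO timestamp> <client IP>"
SAMPLE_LOG = """\
2007-08-29T10:00:00 192.0.2.10
2007-08-29T10:05:00 198.51.100.7
2007-08-29T10:20:00 192.0.2.10
2007-08-29T10:45:00 192.0.2.10
2007-08-29T18:00:00 198.51.100.7
2007-08-30T09:00:00 203.0.113.5
"""

def review_candidates(log_text, threshold=3, window=timedelta(hours=1),
                      min_spacing=timedelta(minutes=10)):
    """Return {ip: [hit times]} for IPs with >= threshold hits inside window.

    Hits closer together than min_spacing count once, so one delivery
    attempt that retries quickly during an outage is not counted as several.
    The result is a queue for a human to review, not a blacklist.
    """
    recent = defaultdict(deque)   # ip -> counted hit times inside the window
    candidates = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        stamp, ip = line.split()
        when = datetime.fromisoformat(stamp)
        hits = recent[ip]
        # Drop hits that have aged out of the sliding window.
        while hits and when - hits[0] > window:
            hits.popleft()
        # Collapse rapid retries into a single observation.
        if hits and when - hits[-1] < min_spacing:
            continue
        hits.append(when)
        if len(hits) >= threshold and ip not in candidates:
            candidates[ip] = list(hits)
    return candidates

if __name__ == "__main__":
    for ip, times in review_candidates(SAMPLE_LOG).items():
        print(f"review {ip}: {len(times)} hits, {times[0]} to {times[-1]}")
```

Only the address with three spaced hits inside one hour is queued; the host that touched the decoy MX twice, hours apart, and the one seen once are left alone.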