[nSLUG] smtp relay through eastlink and ESET Nod32 tagline = disappearing email

George N. White III gnwiii at gmail.com
Fri Oct 30 13:14:59 ADT 2009


On Fri, Oct 30, 2009 at 11:00 AM, D G Teed <donald.teed at gmail.com> wrote:
> On Fri, Oct 30, 2009 at 9:20 AM, George N. White III <gnwiii at gmail.com>
> wrote:
>>
>> Several weeks ago my wife's Eastlink mail was not being
>> delivered to a friend using Sympatico.  Sympatico support
>> blamed the friend's use of Thunderbird, but after being told
>> that was nonsense they admitted that Eastlink was blacklisted.
>> I suspect this was an example of the blackholes.us problem:
>>
>> http://isc.sans.org/diary.html?storyid=7360
>>
>> http://www.circleid.com/posts/20091013_unwelcome_afterlife_for_a_long_dead_blacklist/
>>
>
> Probably not the same problem, but I'm curious what they do.
> Was the mail bounced or trounced (i.e. lost)?

trounced

> At my work, we bounce - reject - email which fails reputation look ups,
> RDNS, etc.
> Spam is simply tagged for recipients to filter.  Only viruses are not
> delivered nor bounced.  Even with viruses, the recipient gets an email
> that an email was going to be delivered to them and is now quarantined.

At times, I have had 1000's of virus-related mails an hour on my
chebucto address.  Many of those were bounces.  In such cases trounce
is the only option.  The real issue is that a big mail server requires 7/24
attention to adjust to circumstances.  If you use blacklists you need ways
to check that they are being maintained in a sensible fashion.  Do you keep
stats on the numbers of bounced/trounced emails per hour?  I suppose it
would be good to break down the stats into groupings, e.g., a few server
addresses that are responsible for a bulk of the mails plus "the others".

If you are suddenly bouncing or trouncing an abnormal volume of mail in a
grouping then you need to take action -- either one of you filters is broken
or you are seeing the start of a major virus outbreak, DOS attack, etc.


> --Donald
>
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
>
>



-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia



More information about the nSLUG mailing list