You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Len Conrad <LC...@Go2France.com> on 2008/08/28 16:43:20 UTC

UltraDNS.net?

Traffic from UltraDNS.net PTRs has been suspect, but I never really 
looked at them until today.

The following stats are from one of two equal preference secondary 
MXs, where there are 3 equal preference primary MXs active. The 
quality of the secondary traffic is extremely low.  The overwhelming 
majority of legit traffic goes through the primary MXs, with a 
trickle through the secondary MXs.

Stats for Thur, 00:00 - 10:00 :

SMTP connections from:

egrep -ic ': connect from.*ultradns' /var/log/maillog
4054

bad recipients:

egrep -ic 'reject: .*user unknown.*ultradns' /var/log/maillog
3800

Our postfix smptd_hard_error_limit is 2, where hard_error is a 5xx 
reject per SMTP session:

egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3798

messages accepted:

mx101# egrep -ic 'ultradns.*4tuple' /var/log/maillog
390



What about ultradns.net traffic on one of the primary MXs?

egrep -ic ': connect from.*ultradns' /var/log/maillog
3994

egrep -ic 'user unknown.*ultradns' /var/log/maillog
3298

egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3193

accepted msgs:

egrep -ic 'ultradns.4tuple' /var/log/maillog
0


google:

http://findarticles.com/p/articles/mi_m0EIN/is_2002_April_30/ai_85239743

http://www.redorbit.com/news/technology/1519746/spam_arrest_chooses_neustars_ultradns_to_enhance_service_delivery/index.html?source=r_technology


I'd say UltraDNS should consider getting out of the mail 
business.  We're considering a hard block on them for a least a 10:1 
abuse:accepted ratio.

Anybody have similar experience?

Len

RE: UltraDNS.net?

Posted by Jason Bertoch <ja...@electronet.net>.

> -----Original Message-----
> From: Len Conrad [mailto:LConrad@Go2France.com]
> Sent: Thursday, August 28, 2008 10:43 AM
> To: users@spamassassin.apache.org
> Subject: UltraDNS.net?
> 
> I'd say UltraDNS should consider getting out of the mail
> business.  We're considering a hard block on them for a least a 10:1
> abuse:accepted ratio.
> 
> Anybody have similar experience?
> 

I don't have much volume from them, 12 over the past week, but they have all
been junk.


Jason A. Bertoch
Network Administrator
jason@electronet.net
Electronet Broadband Communications
3411 Capital Medical Blvd.
Tallahassee, FL 32308
(V) 850.222.0229 (F) 850.222.8771