Nathanael Hoyle wrote:
>
> The IP is a network boundary address, i.e., if it were a class C
> network (/24), the address would be x.x.x.0, rather than 1-254 or
> broadcast (255). Because this IP refers to the *network* rather than a
> host therein, it cannot actually be assigned to a host. This means I
> both avoid wasting an otherwise usable IP, and have no worries that
> something might ever be assigned that IP which would interact in an
> undesired manner with mail delivery attempts. In my particular case
> (which you can find out from the MX records anyhow):
>
> MX 10 nosoupforyou.speedexpress.net
> MX 100 mail.speedexpress.net
>
> nosoupforyou.speedexpress.net A 66.142.28.32
> mail.speedexpress.net A 66.142.28.50
>
> The 66.142.28.32 address is the network boundary for 66.142.28.32/28
> (255.255.255.240 subnet, with .33 as the first usable IP).
>
>
>> the advantage I see is that the connect
>>
>>
>>>attempt will fail notably faster than it would if it had to time out,
>>>which reduces the burden on legitimate hosts, but is still just as
>>>undeliverable, keeping the desired effect. I will post with further
>>>results as I have the opportunity to observe them.
>>>
>>
>
>
The remote system has no idea how your network is subnetted, so the
failure will mostly be caused by a routing error (no route to host)
generated in your network. A TCP RST (generated by an existing host)
would be as fast. I think the advantage is in resource usage (no need to
go through an IP filter or a TCP stack) in addition to what you said
above (no need to use a real host's IP).
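
An added example, not part of the original messages: a small Python audit of the MX and A records quoted above, listing the MX hosts in the order a compliant sender tries them and reporting whether each address is a network, broadcast or host address. The prefix length is an assumption supplied by whoever runs the check (it is not visible in DNS, which is the point made in the reply), and the function names are hypothetical.

```python
import ipaddress

# Records as quoted in the message above (MX lines, then A records).
RECORDS = """\
MX 10 nosoupforyou.speedexpress.net
MX 100 mail.speedexpress.net
nosoupforyou.speedexpress.net A 66.142.28.32
mail.speedexpress.net A 66.142.28.50
"""

def parse_records(text):
    """Return (MX list sorted by preference, {name: IPv4Address})."""
    mx, a = [], {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 3 and f[0] == "MX":
            mx.append((int(f[1]), f[2].rstrip(".").lower()))
        elif len(f) == 3 and f[1] == "A":
            a[f[0].rstrip(".").lower()] = ipaddress.IPv4Address(f[2])
    return sorted(mx), a

def classify(addr, prefixlen):
    """Role of addr inside its enclosing subnet of the assumed prefix length."""
    net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
    if prefixlen >= 31:
        return "host", net  # /31 and /32 reserve no addresses
    if addr == net.network_address:
        return "network", net
    if addr == net.broadcast_address:
        return "broadcast", net
    return "host", net

def audit(text, prefixlen):
    """One row per MX: (preference, name, address, role, enclosing subnet)."""
    mx, a = parse_records(text)
    rows = []
    for pref, name in mx:
        addr = a.get(name)
        if addr is None:
            rows.append((pref, name, None, "no A record", None))
            continue
        role, net = classify(addr, prefixlen)
        rows.append((pref, name, str(addr), role, str(net)))
    return rows

if __name__ == "__main__":
    for prefixlen in (28, 24):  # same address, different role per assumed mask
        for row in audit(RECORDS, prefixlen):
            print(prefixlen, row)
```

With the /28 from the message, 66.142.28.32 is reported as the network address; with an assumed /24 the same address is an ordinary host address, so the classification only holds for the local subnetting.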
... what do you mean here? the advantage I see is that the connect...
mouss
usebsd@...
Nov 22, 2005 6:26 pm
... I'm using a host that has no A record (NXDOMAIN) as the dead primary in some of my configurations. While it applies less of a penalty, it isn't ...
Jorey Bump
list@...
Nov 22, 2005 6:40 pm
Guys, This is what I've setup: fauxmx01.plusone.com MX 10 (fake MX, non-responding <network> IP) nymeta01.plusone.com MX 20 (real MX) nymeta02.plusone.com MX...
Covington, Chris
Chris.Covington@...
Nov 22, 2005 9:59 pm
... no, this is different than GL: here, every host (legit or not) will try MX1, then if compliant, will try MX2. legit systems are thus somewhat penalized. In...
mouss
usebsd@...
Nov 23, 2005 1:20 am
... The theory behind GLing is that direct-to-MX clients won't retry, so if they time out at the primary MX or at the lowest-value MX that might be just as...
Covington, Chris
Chris.Covington@...
Nov 23, 2005 3:50 pm
... It's important to note that both methods exploit the lack of RFC-compliant behavior common to malware, albeit using completely different approaches....
Jorey Bump
list@...
Nov 23, 2005 4:51 pm
[...] ... Problem is that most low end "users"/mail administrator that handle only 3 or 4 mailboxes are mostly ignorant of the deal and the responsibility ...
Xavier Beaudouin
kiwi@...
Nov 23, 2005 5:21 pm
... "most" is an understatement. ... How true. ... Instead, I've taken a different approach. I allow my customers to have ALL of my spam filtering, or NONE of...
Mark Nernberg
mark@...
Nov 23, 2005 7:09 pm
... The IP is a network boundary address, i.e., if it were a class C network (/24), the address would be x.x.x.0, rather than 1-254 or broadcast (255)....
Nathanael Hoyle
nhoyle@...
Nov 22, 2005 6:40 pm
... Oh yes it can. Your broadcast address is meaningful only for hosts on your subnet. Your broadcast address has no meaning for hosts on other subnets. Assign...
Wietse Venema
wietse@...
Nov 22, 2005 7:05 pm
... If you would please note, I used the bottom end network boundary, not the top-end broadcast address. To my understanding, this would be accurate in...
Nathanael Hoyle
nhoyle@...
Nov 22, 2005 7:09 pm
... It does not matter. The all-bits-0 (old broadcast) and all-bits-1 broadcast address have meaning only for hosts on your own subnet. The all-bits-0 (old...
Wietse Venema
wietse@...
Nov 22, 2005 7:19 pm
... - We live in CIDR, so remote clients don't care. - broadcast and network addresses are valid (try a ping), so as Wietse says, packets will timeout, unless...
mouss
usebsd@...
Nov 22, 2005 7:25 pm