Traffic from UltraDNS.net PTRs has been suspect, but I never really
looked at them until today.
The following stats are from one of two equal preference secondary
MXs, where there are 3 equal preference primary MXs active. The
quality of the secondary traffic is extremely low. The overwhelming
majority of legit traffic goes through the primary MXs, with a
trickle through the secondary MXs.
Stats for Thur, 00:00 - 10:00 :
SMTP connections from:
egrep -ic ': connect from.*ultradns' /var/log/maillog
4054
bad recipients:
egrep -ic 'reject: .*user unknown.*ultradns' /var/log/maillog
3800
Our postfix smtpd_hard_error_limit is 2, where hard_error is a 5xx
reject per SMTP session:
egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3798
messages accepted:
mx101# egrep -ic 'ultradns.*4tuple' /var/log/maillog
390
What about ultradns.net traffic on one of the primary MXs?
egrep -ic ': connect from.*ultradns' /var/log/maillog
3994
egrep -ic 'user unknown.*ultradns' /var/log/maillog
3298
egrep -ic 'too many errors after.*ultradns' /var/log/maillog
3193
accepted msgs:
egrep -ic 'ultradns.4tuple' /var/log/maillog
0
google:
http://findarticles.com/p/articles/mi_m0EIN/is_2002_April_30/ai_85239743
http://www.redorbit.com/news/technology/1519746/spam_arrest_chooses_neustars_ultradns_to_enhance_service_delivery/index.html?source=r_technology
I'd say UltraDNS should consider getting out of the mail
business. We're considering a hard block on them for at least a 10:1
abuse:accepted ratio.
Anybody have similar experience?
Len
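
Added example, not part of Len's post: the same four counts gathered in one pass, matching only on the connecting client's PTR name so that a helo= or from= value on another client's line is not counted, plus the 10:1 check done with integer comparison so zero accepted messages is handled. Assumptions: the log lines and the bulk.example / other.example domains are constructed, accepted mail is approximated by the standard smtpd client= queue line (the post's site-specific 4tuple marker is not shown), and "abuse" is taken to mean sessions ended by "too many errors".

```shell
# ptr_stats DOMAIN LOGFILE -> "connects unknown toomany accepted"
# Counts smtpd events only when the client PTR name itself is under DOMAIN.
ptr_stats() {
    awk -v dom="$1" '
    function host(s, kw,    i) {            # PTR name that follows kw
        i = index(s, kw); if (!i) return ""
        s = substr(s, i + length(kw)); sub(/\[.*/, "", s); return s
    }
    function under(h,    n) {               # h is dom or ends in "." dom
        n = length(h) - length(dom)
        return h == dom || (n > 0 && substr(h, n) == "." dom)
    }
    BEGIN { dom = tolower(dom) }
    { l = tolower($0) }
    l !~ /postfix\/smtpd\[/ { next }
    under(host(l, ": connect from ")) { c++ }
    l ~ /user unknown/ && under(host(l, "reject: rcpt from ")) { u++ }
    (p = index(l, "too many errors after ")) && under(host(substr(l, p), " from ")) { t++ }
    under(host(l, ": client=")) { a++ }     # queue file opened: approximates "accepted"
    END { printf "%d %d %d %d\n", c, u, t, a }' "$2"
}
# should_block DOMAIN LOGFILE [RATIO]: true when "too many errors" sessions
# reach RATIO:1 against accepted messages (no division, so 0 accepted is safe).
should_block() {
    ratio=${3:-10}
    read -r _c _u abuse accepted <<EOF
$(ptr_stats "$1" "$2")
EOF
    [ "$abuse" -gt 0 ] && [ "$abuse" -ge $(( ratio * accepted )) ]
}
# Constructed sample log (placeholder domains, documentation IP ranges).
sample_log() {
    cat <<'EOF'
Mar  6 00:00:01 mx101 postfix/smtpd[101]: connect from a.bulk.example[192.0.2.10]
Mar  6 00:00:02 mx101 postfix/smtpd[101]: NOQUEUE: reject: RCPT from a.bulk.example[192.0.2.10]: 550 <x1@example.com>: Recipient address rejected: User unknown in local recipient table; from=<s@example.org> to=<x1@example.com> proto=ESMTP helo=<a.bulk.example>
Mar  6 00:00:02 mx101 postfix/smtpd[101]: NOQUEUE: reject: RCPT from a.bulk.example[192.0.2.10]: 550 <x2@example.com>: Recipient address rejected: User unknown in local recipient table; from=<s@example.org> to=<x2@example.com> proto=ESMTP helo=<a.bulk.example>
Mar  6 00:00:02 mx101 postfix/smtpd[101]: too many errors after RCPT from a.bulk.example[192.0.2.10]
Mar  6 00:00:05 mx101 postfix/smtpd[102]: connect from B.Bulk.Example[192.0.2.11]
Mar  6 00:00:06 mx101 postfix/smtpd[102]: 4F1A2B3C: client=B.Bulk.Example[192.0.2.11]
Mar  6 00:00:07 mx101 postfix/smtpd[103]: connect from mx.other.example[198.51.100.7]
Mar  6 00:00:08 mx101 postfix/smtpd[103]: NOQUEUE: reject: RCPT from mx.other.example[198.51.100.7]: 550 <x3@example.com>: Recipient address rejected: User unknown in local recipient table; from=<s@a.bulk.example> to=<x3@example.com> proto=ESMTP helo=<a.bulk.example>
Mar  6 00:00:08 mx101 postfix/smtpd[103]: too many errors after RCPT from mx.other.example[198.51.100.7]
EOF
}

log=$(mktemp); sample_log > "$log"; echo "bulk.example: $(ptr_stats bulk.example "$log")"
should_block other.example "$log" && echo "other.example: block"; rm -f "$log"
```

Against a real log the call would be ptr_stats ultradns.net /var/log/maillog.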