On 3/23/2011 10:58 AM, Karsten Bräckelmann wrote:
On Wed, 2011-03-23 at 10:18 -1000, Warren Togami Jr. wrote:
On 3/23/2011 7:38 AM, Blaine Fleming wrote:
In the recent sa-updates, the Spam Eating Monkey rules were
inappropriately enabled. [...]
As soon as the bug was reported on the dev list I disabled the
127.0.0.255 response code to avoid any additional issues. I will be
turning this functionality back on as soon as the SA rules are updated
which I assume will be soon.
I would recommend blackholing those IP addresses at the firewall of the
DNS server, especially those 300 million+ sites that are impossible to
contact. They might finally notice they have a serious configuration
issue and stop querying if their mail delivery backs up.
Ugh, nasty boy. ;) You do realize they wouldn't be hammering the SEM
DNS servers, if testrules wouldn't have slipped out accidentally -- by
sa-update.
Personally, I'd much rather prefer to have this resolved by another
manual rule update, so the queries should die down within another 24-48
hours. Obviously, these sites do use sa-update...
Thanks and props to Blaine, for effectively disabling the limit
temporarily, and sustain the load for a while! :)
Agreed that would be the ideal solution. Who knows the procedure? Is
that procedure documented?
Warren
