John Rudd wrote:
>
> If you're going to do this, I would suggest that instead of counting
> to X hits on your low priority MX's and then blacklisting the IP, do
> this:
>
> Count on all of your MX's, and look for a ratio between "hits on low
> priority MX's and hits on high priority MX's".
>
> IF the high priority MX hit rate is 0, then just do a simple count on
> the hits against the low priority MX's.
>
> IF the highr priority MX hit rate is > 0, then do (low priority hit
> rate) / (high priority hit rate), and look for a number >= something
> like 10.
>
>
> That way, senders that might sequentially try your servers, due to
> problems, or even just because they roll through the servers over
> time, wont get tagged.
>


That's a good suggestion. You have me thinking. I'm using Exim and it
has the RateLimit logic. Rather than a ratio I could maybe create a time
window where if they hit the proper MX then it bypasses the improper MX
tests for a fixed number of seconds.