We need to receive mail from an unspecified and possibly quite wide range of Chinese IP addresses.
Judging by the domains I've been asked to check, our boxes are quite justified in dropping the connections. The MXs I'm tracing have all sorts of problems: missing or incorrect PTRs, Spamhaus PBL listings, and one is coming up as technically lame. These are of course just the receiving points; under the circumstances I strongly suspect the senders are using dynamic addresses. Yes, I realise that the next step is to try to establish as narrow a window as possible for one of the dropped connections, then wade through the connection log so I can confirm this suspicion.
My question to the group is to discover what other IronPort customers do in these circumstances.
The sheer number of connections we receive generally means we can't switch off reputation filtering; our boxes would collapse under the load. I can whitelist known problem ranges then depend on CASE and my content rules to hold the tsunami at bay, but my quarantines and off-box arrangements may well be overwhelmed even if the work queue doesn't over-extend as a result.
Is anyone aware of any general figures for (a) the size and range of addresses allocated to the PRC, and (b) the average volume of spam I might expect from that space?