Open gthess opened 5 years ago
It might also help to slow down the rate when a domain is retested within a given timeframe (e.g. 5 minutes).
It might also help to slow down the rate when a domain is retested within a given timeframe (e.g. 5 minutes).
I did see we already do some caching for repeat scans for the same mail server, which makes sense as many domains use the same small set of servers and we don't need to retest for every domain.
I did see we already do some caching for repeat scans for the same mail server, which makes sense as many domains use the same small set of servers and we don't need to retest for every domain.
Yes, that's right (see also #171). I am sure we use MX result caching on batch. However, I am not sure if we also use that on the single scan version. Furthermore, MX result caching can still be improved (see #670).
However, I am not sure if we also use that on the single scan version. Furthermore, MX result caching can still be improved (see #670).
I checked, we do.
Moving this off 1.8 for now, but to summarise, there are three fundamental approaches:
Related:
After new TLS implementation, recheck if there are more/less rate limit problems.
For the STARTTLS test some mailservers use strict ratelimits on the number and the rate of connections used when testing.
The current tests are run in series to avoid the limit on concurrent connections. However stricter limits on the rate of connections were observed at roughly 2 allowed connections per minute. The only way to circumvent that in the future is to try the different STARTTLS tests with a pool of IP addresses.