Postfix Archives: Re: 4xx vs 5xx for spam rejects



Subject: Re: 4xx vs 5xx for spam rejects
From: Ralf Hildebrandt (R.Hildebrandttu-bs.de)
Date: Mon Dec 20 1999 - 08:10:48 CST


On Mon, Dec 20, 1999 at 08:55:28AM -0500, Wietse Venema wrote:

> On the other hand, I've found that insisting on DNS confirmation
> for client hostname and HELO parameters loses too much of my mail.

Really? I tend to get this kind of stuff:

postfix/smtpd[7063]: connect from ABDCC33F.ipt.aol.com[171.220.195.63]
postfix/smtpd[7063]: 15BCF1450D: client=ABDCC33F.ipt.aol.com[171.220.195.63]
postfix/smtpd[7063]: reject: RCPT from ABDCC33F.ipt.aol.com[171.220.195.63]: 554 <ryan-7>: Helo command rejected: Host not found; from=<shjauhindiatimes.com> to=<testbrutalsex.com>
postfix/smtpd[7063]: disconnect from ABDCC33F.ipt.aol.com[171.220.195.63]

(would have been rejected anyway by check_relay_domains)
 
> Watching the log and dropping packets from bad hosts is a good
> plan. It slows the spammer down (provided you drop their packets
> silently) and is better than wasting a Postfix socket.

A friend of mine wrote a little pair of scripts which can be used to
do exactly that.

I use that (in check_client_access) and found that only a few IPs get
"re-used" for sending spam. A shared database (like RSS) works better for
that purpose...

-- 
Ralf Hildebrandt <R.Hildebrandttu-bs.de> www.stahl.bau.tu-bs.de/~hildeb
Linux is like an indian's tent: 
No gates, no windows, and apache inside. 
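
The log-watching approach discussed in this message, as an added example that is not part of the original post and is not the pair of scripts it mentions: it counts smtpd rejects per client IP in the log format quoted above and prints `address action` lines of the kind a check_client_access table takes. The function names, the threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the format quoted in the message (not real traffic).
SAMPLE_LOG = """\
postfix/smtpd[7063]: connect from ABDCC33F.ipt.aol.com[171.220.195.63]
postfix/smtpd[7063]: reject: RCPT from ABDCC33F.ipt.aol.com[171.220.195.63]: 554 <ryan-7>: Helo command rejected: Host not found; from=<a@example.com> to=<b@example.net>
postfix/smtpd[7070]: reject: RCPT from ABDCC33F.ipt.aol.com[171.220.195.63]: 554 <ryan-7>: Helo command rejected: Host not found; from=<a@example.com> to=<c@example.net>
postfix/smtpd[7081]: reject: RCPT from unknown[192.0.2.10]: 450 <x>: Helo command rejected: Host not found; from=<d@example.org> to=<b@example.net>
postfix/smtpd[7090]: reject: RCPT from mail.example.org[198.51.100.7]: 554 <mail>: Relay access denied; from=<e@example.org> to=<f@example.com>
"""

# The client address is taken from the bracketed field that smtpd writes itself;
# the HELO name and envelope addresses later in the line are client-supplied.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: reject: \w+ from [^\[\s]+\[(?P<ip>[0-9.]+)\]: (?P<code>[45]\d\d) "
)

def count_rejects(log_text, permanent_only=True):
    """Count reject lines per client IP; by default only 5xx (permanent) rejects."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        if permanent_only and not m.group("code").startswith("5"):
            continue  # a 4xx reject lets a legitimate sender retry, so do not count it
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # never write an unparsable address into the table
        counts[str(ip)] += 1
    return counts

def access_map(counts, threshold=2):
    """Return access-table lines for clients rejected at least `threshold` times."""
    return [f"{ip}\tREJECT" for ip, n in sorted(counts.items()) if n >= threshold]

if __name__ == "__main__":
    print("\n".join(access_map(count_rejects(SAMPLE_LOG))))
```

Entries built this way go stale quickly, since, as noted above, few addresses are re-used, so each generated table should replace the previous one rather than be appended to it.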


