Re: being mailbombed..or something

From: JD Bronson (jbronsonsixcompanies.com)
Date: Wed Jan 02 2008 - 06:06:02 CST


At 02:44 PM 01/02/2008 +1000, terry.gilsenaninteroil.com wrote:
>>Dynamic users should be routing their mail through their ISP's mail
>>servers. If they don't want to, that's fine, but I don't have to talk to them.

Thanks for all of the discussion guys.

I already block dynamic IPs with pcre but have a client_checks just
before that for whitelisting.

I do get a false positive from time to time, but my error message
states to use your ISP:

"550 Connecting IP appears dynamic - Use ISP to relay email"

Smart people should figure that out. If not, oh well :-)

So far, using pf has helped me the most. It watches the number of
concurrent sessions and the number of sessions within a given amount
of time and then blacklists/blackholes the IP until midnight. I am
then emailed a list of the offending IPs and then the IPs are flushed
out of the table.

At least this way, if it is a legit IP, it will have a chance again.
If not, it will be blacklisted again as well.

I do have overrides within pf for certain sites that we receive a
large quantity of email from in a short time.

-JD
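
The pf setup described in the message above could look like the following. This is an added example, not the poster's actual ruleset: the interface name, addresses, table names and thresholds are all assumptions chosen for illustration.

```conf
# pf.conf fragment (OpenBSD pf syntax). Every name, address and limit
# below is an assumption for illustration; tune limits to your own traffic.

ext_if   = "em0"            # assumed external interface
mail_srv = "192.0.2.25"     # constructed address (TEST-NET-1)

# Override list: sites that legitimately send a lot of mail in a short time.
table <smtp_trusted> persist { 198.51.100.0/24 }   # constructed range
# Filled automatically by the overload rule at the end of this fragment.
table <smtp_abusers> persist

# Blackhole anything currently in the abuser table (silent drop, no RST).
block drop in quick on $ext_if proto tcp from <smtp_abusers> \
    to $mail_srv port smtp

# Trusted senders bypass the connection limits entirely.
pass in quick on $ext_if proto tcp from <smtp_trusted> \
    to $mail_srv port smtp flags S/SA keep state

# Everyone else: at most 10 concurrent sessions per source and at most
# 20 new sessions per 60 seconds. A source that exceeds either limit is
# added to <smtp_abusers>, and "flush global" kills its existing states.
pass in on $ext_if proto tcp from any \
    to $mail_srv port smtp flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 20/60, \
     overload <smtp_abusers> flush global)

# Midnight report and reset, as a root crontab entry (assumed schedule
# and recipient). Listing first, then flushing, gives a legitimate host
# that tripped the limit another chance the next day:
#
# 0 0 * * * pfctl -t smtp_abusers -T show | mail -s "pf SMTP blocklist" root; pfctl -t smtp_abusers -T flush
```

Validate the file with `pfctl -nf /etc/pf.conf` before loading it, and confirm the trusted table is matched before the rate-limited rule so high-volume senders are not blocked.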