OSEC

Re: being mailbombed..or something

From: mouss (mlist.onlyfree.fr)
Date: Wed Jan 02 2008 - 06:31:20 CST


Terry Carmen wrote:
>
> Bots are pretty easy to kill. You can refuse to talk to them by matching
> their reverse DNS against a regular expression.
>

Unfortunately, it's not that easy. Rejecting them still consumes
resources: when your smtpd is rejecting zombies, it's busy doing that.
And if there are too many zombies sending you traffic, that will
kill your connectivity, even if you firewall the traffic at the IP level.

All you can do is reduce their effects.

> This has also been a huge help.
>
> There's just no reason to accept mail from a Dynamic IP

The problem is how to detect that it is a dynamic IP. Regular
expressions have both false negatives (there is no registry of every
possible format) and false positives, like this:

... connect from DD.CC-AA-BB.ripe.coltfrance.com[AA.BB.CC.DD]

This is from a colo host, which is not dynamic at all.

An alternative is to reject mail from clients with generic rDNS (because
"they did not make the effort to have a meaningful rDNS"). This reduces the
false positives (by changing the goal, not by blocking different people!).

> or an IP with no reverse DNS,

Be warned that in the case of DNS failures (which may be on your side),
you'll delay legitimate mail.

> [snip]
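The three checks argued over in the thread (a "dynamic-looking" rDNS regex, a "generic rDNS" test, and the handling of a missing versus a failed PTR lookup) side by side, as an added example that is not part of the original post or of any MTA's own code. It assumes: Python 3; constructed hostnames built on the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges rather than the real Colt name from the post; a deliberately small keyword regex (its incompleteness is the false-negative problem mouss describes); and the Postfix-like convention of 450 for a temporary failure and 550 for a policy rejection, which is an assumption about how the policy would be wired into an MTA, not something the post specifies.

```python
import ipaddress
import re
from typing import Optional, Tuple

# Illustrative "dynamic-looking" reverse-name regex. The keyword list is
# intentionally short (there is no registry of every ISP's naming scheme), and
# the second alternative, "four octet-ish numbers", is the kind of rule that
# also matches a colo host whose PTR merely encodes its address.
DYNAMIC_RDNS_RE = re.compile(
    r"(?:^|[.-])(?:dyn(?:amic)?|dhcp|ppp|pool|dial(?:up)?|cable|[av]?dsl)(?:[.-]|\d)"
    r"|\d{1,3}[.-]\d{1,3}[.-]\d{1,3}[.-]\d{1,3}",
    re.IGNORECASE,
)


def looks_dynamic(rdns: str) -> bool:
    """Policy 1: 'this rDNS matches a pattern I associate with dynamic pools'."""
    return bool(DYNAMIC_RDNS_RE.search(rdns))


def is_generic_rdns(client_ip: str, rdns: str) -> bool:
    """Policy 2: 'this rDNS is generic', i.e. the PTR just encodes the client's
    own IPv4 address (dotted, dashed, reversed, zero-padded or hex-encoded).
    IPv6 clients are out of scope for this example and are never flagged."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        return False
    octets = str(addr).split(".")
    labels = re.split(r"[.\-_]", rdns.lower())
    # Normalise numeric labels so "001" and "1" compare equal.
    numeric = [str(int(lbl)) for lbl in labels if lbl.isdigit()]
    # All four octets present as labels (any order), respecting repeats.
    if all(numeric.count(o) >= octets.count(o) for o in set(octets)):
        return True
    # Hex-encoded address as a single label, e.g. cb00712d.example.net
    hexip = "".join(f"{int(o):02x}" for o in octets)
    return hexip in labels


def smtp_policy(client_ip: str, ptr_status: str, rdns: Optional[str],
                reject_generic: bool = False) -> Tuple[int, str]:
    """Decide the SMTP reply for a connecting client.

    ptr_status is one of "ok", "nxdomain" (authoritative 'no PTR') or
    "tempfail" (SERVFAIL/timeout, possibly caused by our own resolver).
    Returns (reply code, reason). 450/550 are assumed Postfix-style codes.
    """
    if ptr_status == "tempfail":
        # The post's warning: a lookup failure may be on our side, so defer
        # (4xx) and let the sender retry; never turn it into a permanent 5xx.
        return 450, "Client host rDNS lookup failed temporarily; try again later"
    if ptr_status == "nxdomain" or not rdns:
        return 550, "Client host has no reverse DNS"
    if looks_dynamic(rdns):
        return 550, "Client host rDNS looks dynamic"
    if reject_generic and is_generic_rdns(client_ip, rdns):
        return 550, "Client host rDNS is generic (only encodes its own address)"
    return 250, "OK"


if __name__ == "__main__":
    # Constructed samples (documentation IPs, invented hostnames).
    samples = [
        ("203.0.113.7", "ok", "dsl-203-0-113-7.isp.example"),         # genuine dynamic pool
        ("203.0.113.45", "ok", "45.113-203-0.ripe.example-colo.net"),  # colo host, colt-style PTR
        ("203.0.113.45", "ok", "cb00712d.example.net"),                # hex-encoded generic PTR
        ("198.51.100.10", "ok", "mail.example.org"),                   # properly named MX
        ("198.51.100.77", "ok", "customer-4521.isp.example"),          # dynamic, but unknown format
        ("198.51.100.99", "nxdomain", None),                           # no PTR at all
        ("198.51.100.5", "tempfail", None),                            # resolver trouble
    ]
    for ip, status, name in samples:
        for generic in (False, True):
            code, why = smtp_policy(ip, status, name, reject_generic=generic)
            print(f"{ip:15} {name or '-':40} generic={generic!s:5} -> {code} {why}")
```

Run it and the two failure modes from the post fall out of the table: the colt-style colo PTR is rejected by the dynamic regex (a false positive, because the octet rule fires on a static host), while `customer-4521.isp.example` sails through (a false negative, because no regex knows every ISP's scheme). With `reject_generic=True` the colo host is still rejected, but now because it fails the stated "meaningful rDNS" policy rather than because it was misclassified as dynamic, which is exactly the "change the goal" point. The `tempfail` branch is the check to keep regardless of policy: only an authoritative NXDOMAIN should earn a 5xx.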