Re: being mailbombed..or something

From: Robert Schetterer (robertschetterer.org)
Date: Wed Jan 02 2008 - 08:09:36 CST


mouss schrieb:
> Terry Carmen wrote:
>>
>> Bots are pretty easy to kill. You can refuse to talk to them by
>> matching their reverse DNS against a regular expression.
>>
>
> unfortunately, it's not that easy. rejecting them still consumes
> resources. when your smtpd is rejecting zombies, it's busy doing that.
> And if there are too many zombies sending you traffic, then that will
> kill your connectivity, even if you firewall traffic at the IP level.
>
> all you can do is reduce their effects.
>
>> This has also been a huge help.
>>
>> There's just no reason to accept mail from a Dynamic IP
>
> The problem is how to detect that it is a dynamic IP. regular
> expressions have both False Negatives (there is no registry of every
> possible format) and False Positives, like this:
>
> ... connect from DD.CC-AA-BB.ripe.coltfrance.com[AA.BB.CC.DD]
>
> This is from a colo host, which is not dynamic at all.
>
> an alternative is to reject mail from clients with generic rDNS (because
> "they did not make an effort to have a meaningful rDNS"). This reduces the
> false positives (by changing the goal, not by blocking different people!).
>
>
>> or an IP with no reverse DNS,
>
> Be warned that in the case of DNS failures (which may be on your side),
> you'll delay legitimate mail.
>
>
>> [snip]

why not use fail2ban, works like a charm here

--
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria