On Tuesday 07 December 2004 17:55, Michael Loftis wrote:
> --On Wednesday, December 08, 2004 08:47 +1100 Craig Sanders
> <[EMAIL PROTECTED]> wrote:
>
> >> Now I reject by 554 code... should I change to 4xx?
> >
> > if it suits your needs. i wouldn't.
>
> I have to agree with that statement. For us it suits our needs very
> well. I don't mind handling the extra retry traffic if it means
> legitimate mail on a 'grey/pink' host is just temporarily rejected or
> delayed while they clean up, in fact this is far more desirable for us.
> Complaints of 'lost' mail went up when we were using permanent fatal
> codes as an experiment. Yes legitimate hosts get blacklisted, but
> legitimate hosts will retry, and if they don't well, it's their problem,
> not ours. We're telling them 454 listed on spamcop see URL of whatever
> (I'm obviously paraphrasing)

I've been following this thread with great interest. I'm wondering if the same 4XX technique could apply to EHLO/HELO checks--with automatic whitelisting thrown in. If spammers never retry, couldn't you watch the logs and when you see a retry, add that IP to EHLO/HELO whitelist? (And generate a report so you can check up on this later.) Folks on the courier-user list have reported that the EHLO/HELO whitelist becomes quite stable after a while.

I've recently turned on EHLO/HELO validation and am encouraged by how effective it is. With RBLs (spamcop and dnsbl) and SpamAssassin 3, only 88% of spam was stopped. So far, it's 100%. (This is a _very_ small sample--one email account for one day, but the change is dramatic from my perspective.)

And what's to stop spammers from starting to retry? Does it double their cost of doing business? If I then require a second retry, does it triple their cost?

If I want to hack the courier backport package to force an invalid EHLO to get a 4XX instead of the hardcoded 517, are these the correct steps (taken from Debian Quick Reference, Ch. 3):

    apt-get source courier
    dpkg-source courier.dsc
    cd courier-0.47
    ... edit source
    dpkg-buildpackage -rfakeroot -us -uc
    su -c "dpkg -i courier-mta.deb"

Is that correct? How do I change the newly-built package name, and what do I change it to so apt-get update/upgrade will find a new release uploaded to backports.org?

Regards,
Mark
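
The retry-watching idea raised in the message above, as an added example that is not part of the original post and not Courier's own code: it scans log lines for 4xx EHLO/HELO rejections, whitelists an IP once it retries after a minimum delay, and builds the report. The log line format, the two time thresholds and the function names are assumptions for illustration, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed (hypothetical) log format, not Courier's real one:
#   2004-12-07T18:01:12 smtpd reject ip=192.0.2.10 helo=name code=454
LINE_RE = re.compile(
    r"^(?P<ts>\S+) smtpd reject ip=(?P<ip>\S+) "
    r"helo=(?P<helo>\S+) code=(?P<code>\d{3})$"
)
MIN_RETRY_DELAY = timedelta(minutes=5)   # assumed: ignore immediate re-sends
MAX_RETRY_WINDOW = timedelta(hours=24)   # assumed: forget stale first attempts

# Constructed sample lines (documentation-range addresses).
SAMPLE_LOG = """\
2004-12-07T18:01:12 smtpd reject ip=192.0.2.10 helo=mail.example.org code=454
2004-12-07T18:02:00 smtpd reject ip=198.51.100.7 helo=localhost code=454
2004-12-07T18:03:00 smtpd reject ip=203.0.113.5 helo=friend code=454
2004-12-07T18:03:20 smtpd reject ip=203.0.113.5 helo=friend code=454
2004-12-07T18:10:00 smtpd reject ip=192.0.2.99 helo=x code=517
2004-12-07T18:31:40 smtpd reject ip=192.0.2.10 helo=mail.example.org code=454
2004-12-07T18:40:00 smtpd reject ip=192.0.2.99 helo=x code=517
""".splitlines()

def find_retriers(lines):
    """Return {ip: details} for hosts that came back after a 4xx rejection."""
    first_seen, whitelist = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or not m["code"].startswith("4"):
            continue  # unparsable line, or a permanent (5xx) rejection
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        if ip in whitelist:
            continue
        start = first_seen.get(ip)
        if start is None or ts - start > MAX_RETRY_WINDOW:
            first_seen[ip] = ts  # (re)start the clock for this host
        elif ts - start >= MIN_RETRY_DELAY:
            whitelist[ip] = {"helo": m["helo"], "first": start, "retry": ts}
    return whitelist

def report(whitelist):
    """One line per whitelisted IP, for later manual review."""
    return [
        f"{ip} helo={e['helo']} first={e['first'].isoformat()} "
        f"retry={e['retry'].isoformat()}"
        for ip, e in sorted(whitelist.items())
    ]

if __name__ == "__main__":
    print("\n".join(report(find_retriers(SAMPLE_LOG))))
```
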