Steffen Heil wrote: > Hi > >> For some months now we have used a HELO ACL to delay by >> 35 seconds all connections with suspicious looking HELOs. > > Looks a little long for me. > >> This is very effective at reducing the amount of spam that >> our servers receive, while not preventing "real" >> email getting through, because much of the current spamming >> software seems to drop the connection during the delay period. > > That's not what I am seeing. > However, a lot of spammers don't wait for the servers hello. > So I have 5s delay AND synchroization enforced and I see a lot of >> 554 SMTP synchronization error > And those (propable spammer) connections are then dropped *on my side*. > >> As our mail volumes get higher, however, I am beginning to be >> concerned about the load that all these delayed connections >> will place on our servers. At the moment it does not appear >> to be an issue, but I am looking for advice on whether or not >> it is likely to become a problem. > > I would not think this is such a big problem as long as you allow > pipelining. > (Delay then only occurs for the first mail.) > > That may interfer with greylisting though. > > Regards, > Steffen >
But specifically NOT allowing pipelining (and enforcing sync) tosses off a whole 'nuther class of spambots. Not fussed, as we only apply delay to rDNS-fail arrivals in acl_smtp_connect, then to HELO-fail arrivals (same folks again) in acl-smtp_helo. Bill -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
