Wietse Venema wrote:
Although the idea of proactive botnet detection has merit, building delays into the SMTPD process is very problematic. It causes Postfix to waste more time on bogus SMTP clients, so that it reaches the "all SMTP servers busy" condition sooner.
I thought some SMTP reverse proxy front ends already did this. They catch "talk ahead" bots by listening for talk for a short period and if nothing comes in they *only* then connect to the backend SMTP server and echo what it says. Some also force the banner to be output at a very slow rate which gets you back to the "servers busy" state unless the proxy generates the banner.

I have noticed a larger number of MSP servers greylisting at the banner and immediately disconnecting after outputting the 4XX banner. Quite a few are taking up to 4 minutes to display the banner at one char per 10 seconds or so. Some take so long that their own servers disconnect as our mail servers do not "talk" for so many minutes :-( I am building up quite a list of "unfriendly" MSP domains.

Jacqui
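The talk-ahead check described in the reply above, as an added example that is not part of the original thread or of any proxy mentioned in it: the front end listens before sending anything and contacts the backend only for clients that stayed quiet. The function names, the listening period, the ports and the rejection text are assumptions made for illustration.

```python
import asyncio

PREGREET_WAIT = 2.0                 # assumed listening period, in seconds
BACKEND = ("127.0.0.1", 10025)      # assumed address of the real SMTP server
REJECT = b"554 5.5.0 Protocol error: spoke before greeting\r\n"  # constructed reply

async def classify(reader, wait=PREGREET_WAIT):
    """Listen before any banner is sent: 'talker', 'gone' or 'quiet'."""
    try:
        early = await asyncio.wait_for(reader.read(512), timeout=wait)
    except asyncio.TimeoutError:
        return "quiet"              # client waited for the greeting, as SMTP requires
    return "talker" if early else "gone"   # b"" means it hung up during the wait

async def pipe(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(client_r, client_w, backend=BACKEND, wait=PREGREET_WAIT):
    verdict = await classify(client_r, wait)
    if verdict != "quiet":
        if verdict == "talker":
            client_w.write(REJECT)
            await client_w.drain()
        client_w.close()
        return verdict              # no backend SMTP process was ever occupied
    # Only now connect to the backend; its banner is echoed through pipe().
    back_r, back_w = await asyncio.open_connection(*backend)
    await asyncio.gather(pipe(back_r, client_w), pipe(client_r, back_w))
    return verdict

async def main(port=2525):          # assumed listening port
    server = await asyncio.start_server(handle, "127.0.0.1", port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The waiting happens in a cheap coroutine rather than in a backend server process, which is what keeps the delay from pushing the mail server toward the "all SMTP servers busy" condition.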