On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote: > Just as an interesting point from a fairly large site (fastmail.fm) we > do something very like that. We run a standalone daemon, and we keep > a "bad list" of IPs who get dumped immediately without even a DNS lookup. > > One of our patches to postfix allows that, dropping the connection while > doing nothing more than a syslog of the IP address.
That's interesting. Just our of curiosity, as I'm in the midst of reading about policy daemons, milters, before & after queue filtering, etc. At a high-level -- how did you implement this? Sounds like you're actually patching postfix code, and not handing off to a dameon/milter/etc early in the process. -- Thanks, Karen
