Am 11.07.2014 21:02, schrieb D'Arcy J.M. Cain: > There's a new trick in the spammer's bag of tricks. Companies like > strikeiron and briteverify are springing up promising to verify email > addresses so that senders can limit sending invalid emails to MTAs and > thus wind up on their suspicious sender list. I can't think of a > single legitimate use for this service. > > In order to find spammers or, as described above, their agents, I would > like to find incomplete sessions. Unfortunately there is only one > string to trigger on, the subject mentioned one. We get this message > in at least three scenarios that I can see. One, someone sends email > to an invalid address and we reject the balance of the session. Two, > we reject the session because of an RBL. Three, someone is probing to > find out if an address is valid. I don't really care about number two > since I have already dealt with it but Postfix still sends out the log > line for it even after it has already logged the reject. Is there any > way to not have that logged or at least change the log message? > > Even number one is unnecessary since we already know that someone has > attempted to send to an invalid user. It's really just the third case > that we care about. If I do this I guess I can drop the "User unknown > in local recipient table" test. > > I suppose there is a number four where the sender has a system issue > and disconnects prematurely but this probably doesn't happen often > enough to worry about especially if I only take note once the sender > passes some reasonable threshold
you did not provide any log but "lost connection after RCPT" means the client did not quit the smtp session properly and so the client is broken * client connects * client send SMTP commands * postfix answers with the REJECT status * client blindly closes the connection
