Reading Postfix's docs re

 Disconnect suspicious SMTP clients 
 http://www.postfix.org/STRESS_README.html#hangup

in the example there it says 

 "To hang up connections from blacklisted zombies, you can set specific Postfix 
SMTP server reject codes for specific RBLs ... We'll use zen.spamhaus.org as an 
example ... their documents say that a response of 127.0.0.10 or 127.0.0.11 
indicates a dynamic client IP address, which means that the machine is probably 
running a bot of some kind."

and uses in a restriction

 /etc/postfix/main.cf:
     smtpd_client_restrictions =
        permit_mynetworks
        reject_rbl_client zen.spamhaus.org=127.0.0.10
        reject_rbl_client zen.spamhaus.org=127.0.0.11
        reject_rbl_client zen.spamhaus.org

then sets up a 521-response reply map to override the usual 554 responses.

That's clear and I understand how it works.

When you read the spamhaus docs for those response codes @ 
http://www.spamhaus.org/faq/section/DNSBL%20Usage#202 it says

 DNSBL  Zone to Query     Returns        Contains
 SBL    sbl.spamhaus.org  127.0.0.2-3    Static UBE sources, verified spam services (hosting or support) and ROKSO spammers
 XBL    xbl.spamhaus.org  127.0.0.4-7    Illegal 3rd party exploits, including proxies, worms and trojan exploits
 PBL    pbl.spamhaus.org  127.0.0.10-11  IP ranges which should not be delivering unauthenticated SMTP email.
 ZEN    zen.spamhaus.org  127.0.0.2-11   Combined zone (recommended) Includes SBL, XBL and PBL.

My question is about usage.

Is there a reason NOT to simply use the 521 hangup codes for ALL the spamhaus 
hits from 127.0.0.2-11 ?  It seems to me like all of those would be good 
candidates.

Before I go ahead I wanted to ask in here from somebody with more experience 
maybe.
