What I meant with REJECT vs DISCARD, is that with REJECT, the spammers just
switch to a new domain. And new domain, and new domain.
Like they have some script or API that instantly purchases a new domain once
their current domain gets banned in spam filters. (And yes, they do really
have valid addresses because they often write in the payload like "Reply to
sign up" and so on), and the links inside spam go to the domain listed
after @.
That’s the bad thing with registrars that allow domain purchasing via an API.

I have witnessed it in realtime, when I continually added banned domains to
my banfile and the spammer just, nearly instantly on the second I reloaded
files, switched to some new domain that was similar to the banned one. And in
the log file I saw the reject, so I understood the spammer was adapting to
the spam filter. After like 5-6 domains I got fed up, changed everything
into DISCARD, and once I did that, all the spam from that particular source has
vanished, while I can see in logfiles that the spammer still thinks they get
something through when they really don't.

Either they are using some domain generator algorithm, or they are just
randoming domains up using some dictionary. They also seem to know when to
change TLD, like when they got rejected on like X different banned domains
without getting a single piece through.

If everyone would use DISCARD on all the static spam filters (where you are
sure not getting false positives), then spammers will never know if they get
their spam delivered, and will not be able to optimize when to
"instant-purchase a new domain and switch to that" to maximize effectiveness
of spam campaign.

But you make a valid point about the payload. Only way to completely get rid
of payload is to use greylisting on all senders, so the spammer can't find a
"valid" domain that isn't banned, e.g. every domain will result in a
temporary reject.
But greylisting also delays legitimate mail.

Why are you people so negative against DISCARD, and want to use REJECT, if
we disregard that the payload goes through the wire? Because most spams are
pretty small to not trigger through scans, so it's just a few kilobytes.


-----Original Message-----
From: owner-postfix-us...@postfix.org
[mailto:owner-postfix-us...@postfix.org] On behalf of Benny Pedersen
Sent: 20 February 2016 10:40
To: postfix-users@postfix.org
Subject: Re: SV: SV: Blocking TLDs

On 2016-02-20 00:52, Sebastian Nielsen wrote:
> 1: REJECT tells the spammer "Hey, your spam got stuck in the spam 
> filter. Wanna try again?".

if they do, so what? it's not possible for spammers to make remote
administering on postfix this would be in vain anyway, and the point on
discard is accepting more payloads on received data, where reject stops the
payloads

> Better to DISCARD it so the spammer think they got the spam through, 
> then they won't switch to a new domain.

fair, but read above

> I don't think anyone ever will receive legitimate mail from any of 
> those spammy TLDs listed in the rules file I gave.

this is another problem

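The domain rotation described in this thread (one client returning with a new sender domain after each reject) can be measured from the smtpd log. The following is an added example, not part of the original posts: the log lines are constructed in the usual Postfix reject format, and the function name `rotating_clients` and the `min_domains` threshold are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the usual Postfix smtpd log format. IPs come from the
# documentation ranges and all domains use reserved TLDs.
_REJ = ("Feb 20 10:0{n}:00 mx postfix/smtpd[1234]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 554 5.7.1 <info@{dom}>: Sender address rejected: "
        "Access denied; from=<info@{dom}> to=<user@example.org> proto=ESMTP "
        "helo=<mail.{dom}>")
SAMPLE_LOG = "\n".join(
    [_REJ.format(n=i, ip=ip, dom=dom) for i, (ip, dom) in enumerate([
        ("203.0.113.7", "shop1.example"),
        ("203.0.113.7", "shop2.example"),
        ("198.51.100.9", "news.example"),
        ("203.0.113.7", "shop2.example"),   # retry with the same domain
        ("203.0.113.7", "shop3.example"),
        ("203.0.113.7", "Shop4.TEST"),      # TLD switch, mixed case
    ])]
    + ["Feb 20 10:07:00 mx postfix/smtpd[1234]: connect from unknown[203.0.113.7]"]
)

# Client IP from "RCPT from host[ip]" and sender domain from "from=<user@domain>".
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: "
    r".*?from=<[^@>]*@(?P<domain>[^>]+)>"
)

def rotating_clients(log_text, min_domains=3):
    """Map client IP -> rejected sender domains (first-seen order) for clients
    that were rejected under at least min_domains distinct sender domains."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # not an smtpd reject line
        domain = m.group("domain").lower()
        if domain not in seen[m.group("ip")]:
            seen[m.group("ip")].append(domain)
    return {ip: doms for ip, doms in seen.items() if len(doms) >= min_domains}

if __name__ == "__main__":
    for ip, doms in rotating_clients(SAMPLE_LOG).items():
        tlds = sorted({d.rsplit(".", 1)[-1] for d in doms})
        print(f"{ip}: {len(doms)} rejected sender domains, TLDs {tlds}: {doms}")
```

Only `reject` lines are counted, so this measures rotation while the filter still answers with REJECT.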