On 5/1/2016 9:20 AM, jaso...@mail-central.com wrote: > I'm clear this has been asked a gazillion times; feels like I've now read > half the posts. > > For incoming mail that matches with high-confidence a known bot/mass-mailer > restriction, is it 'best' to > > DISCARD or REJECT? > > I still can't convince myself of a clear answer, but am leaning to DISCARD.
Best practices change, ignore very old advice. Get rid of unwanted mail in this order. Only move to the next level if the current level is insufficient for some reason. REJECT in smtpd_*_restrictions. REJECT with postscreen_access_maps firewall the offending client Using any of the above, a legitimate sender should receive a notice from their own mail server that the message wasn't delivered. Bots will just see an unsuccessful delivery. This is good. Don't confuse REJECT with a bounce. Using REJECT will log the sender and intended recipient, which is essential for tracking down false positives. I guarantee you will have false positives. Reserve firewall blocks for persistent offenders since debugging a firewalled false positive is far more difficult. There is seldom a good reason to DISCARD mail. This will make legitimate false positives disappear into a black hole, and there is some evidence that spammers (especially spammers-for-hire) count a DISCARD as a successful delivery and direct more spam to you. -- Noel Jones
