On 22 Oct 2016, at 12:19, Paul Schmehl wrote:
> I would make one suggestion. I would reject the attempt silently. No sense in tipping off the spammer to what he needs to do to work around it. Just use REJECT with no explanation.
That's a nice hypothesis but it doesn't seem to play out in reality. I've been emitting specific (and yes, sometimes snarky) rejection messages on a variety of systems for all sorts of access rules, in part so I can keep track of what rules are being hit easily. I have never seen any hint that spammers behaving in grossly fraudulent ways (like EHLO arguments that claim to be the server they're talking to) substantively change their behavior in response to those messages. Keep in mind that essentially ANY idiosyncratically wrong EHLO argument seen only from spammers has been configured intentionally by someone who has no idea how cheap, simple, and reliable it is to reject spam on that basis. These are cognitively impaired spammers, not smart ones. The smart ones try very hard to look very normal and legitimate, not to stand out as something starkly different from any legitimate mail.
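The rule discussed in this thread, as an added example that is not part of the original message or any particular mail server's code: a check that rejects a remote client whose EHLO argument claims to be the receiving server, with a rule tag in the rejection text so hits can be counted from logs. The host names, IP addresses, `[rule=...]` tag format and log line layout are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed identity of the receiving server (constructed values).
OWN_NAMES = {"mx.example.org", "example.org"}
OWN_IPS = {"192.0.2.25"}
RULE_TAG = re.compile(r"\[rule=([a-z0-9-]+)\]")

def check_ehlo(ehlo_arg, client_ip):
    """Return (smtp_code, text) for a rejection, or None to accept the EHLO."""
    arg = ehlo_arg.strip().rstrip(".").lower()
    # The server itself and loopback clients may legitimately use its name.
    if client_ip in OWN_IPS or client_ip.startswith("127.") or client_ip == "::1":
        return None
    if arg in OWN_NAMES:
        return (550, "5.7.1 [rule=ehlo-own-name] You are not %s" % arg)
    # Address literal such as [192.0.2.25], or a bare (unbracketed) IP.
    literal = re.fullmatch(r"\[(?:ipv6:)?([0-9a-f:.]+)\]", arg)
    if (literal and literal.group(1) in OWN_IPS) or arg in OWN_IPS:
        return (550, "5.7.1 [rule=ehlo-own-ip] That address is mine, not yours")
    return None

def simulate(sessions):
    # Turn (client_ip, ehlo) pairs into the reject log lines they would produce.
    log = []
    for client_ip, ehlo in sessions:
        verdict = check_ehlo(ehlo, client_ip)
        if verdict:
            log.append("reject: EHLO from %s: %d %s" % (client_ip, *verdict))
    return log

def tally_rules(log_lines):
    """Count rejections per rule tag, which is what a specific message buys you."""
    counts = Counter()
    for line in log_lines:
        match = RULE_TAG.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts

# Constructed sample sessions: (client IP, EHLO argument).
SAMPLE_SESSIONS = [
    ("203.0.113.7", "mx.example.org"),
    ("203.0.113.8", "MX.EXAMPLE.ORG."),
    ("198.51.100.4", "[192.0.2.25]"),
    ("198.51.100.9", "mail.sender.example"),
    ("127.0.0.1", "mx.example.org"),
]

if __name__ == "__main__":
    for rule, hits in tally_rules(simulate(SAMPLE_SESSIONS)).most_common():
        print(rule, hits)
```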