On Friday 25 Feb 2005 13:35, Bryan Scott wrote: > I had thought about a similar thing, but in my more earnest programming > days ended up temporarily blacklisting those who error out five or more > times in a row. Those who show up on the temporary blacklist 20 or so > times within a given time frame were blacklisted longer. That seemed to > thwart the attacks pretty well, without permanently denying legitimate > but temporarily infected mail servers.
But if you don't want to be black-listed as rfc-ignorant (and/or you're being joe-jobbed) then you have to be a little more polite when the sender is <> (ie for bounces), and I found a lot of spammers automatically send as <> (and using one of those things to mangle outgoing addresses so can reject false bounces won;t do much good - the rfc-ignorant crowd just try to send you an email from <> and add you to the blacklist if you don't accept it, which in turn seems more than a little ignorant). Now I simple reply with different DENY messages depending on if $sender eq "" or not, but that's why I was suggesting the mod to check_badrcptto so I'd hard deny anyone who quoted certain "known only to spammers" addresses. -- Tim
