On June 30, 2019 11:20:33 AM PDT, John Hardin <jhar...@impsec.org> wrote:
>On Sun, 30 Jun 2019, Grant Taylor wrote:
>
>> On 6/30/19 10:51 AM, Martin Gregorie wrote:
>>> If you don't mind a delay in receiving mail from hosts you've never seen
>>> before, why not implement a greylister?
>>> 
>>> https://en.wikipedia.org/wiki/Greylisting
>>
>> I see your GreyListing and raise you NoListing:
>>
>> https://en.wikipedia.org/wiki/Nolisting
>>
>> TL;DR:  NoListing works by having an MX record that either does not respond
>> to TCP connections for SMTP, or sends TCP Resets.  Thus causing RFC compliant
>> DNS servers to move on to the next priority MX in short order.

NoListing concerns me for two reasons: first, it causes everyone to have to try 
twice regardless of reputation. Second, Bad Things will happen if I do anything 
punitive on the highest preference MX and my primary and secondary go down. 
With greylisting, I can at least whitelist anyone registered with dnswl.org, 
etc. A greylist server could also whitelist an entire domain once any of its 
servers passes, if SPF is set up.

>
>...and if the same IP address is a regular abuser that never sends any 
>legitimate traffic, tarpit them:
>
>    http://www.impsec.org/~jhardin/antispam/spammer-firewall

I do like the idea of tarpitting spammers, because I want to drive up the cost 
of spamming. I haven't been able to find even anecdotal evidence that it causes 
them any genuine pain beyond just sleeping, though, since they tend to have very 
aggressive timeouts. postscreen's short sleep during its two-line greeting 
seems to cause a lot of spammers to hang up, or they try saying HELO too early 
and postscreen blocks them.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
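
The greylisting policy described in the reply above (skip the delay for clients listed on a DNS whitelist, and whitelist a whole domain once one of its servers passes, if SPF is set up), as an added example that is not part of the original thread. The class and parameter names and the 300-second delay are assumptions, and the SPF and DNSWL results are passed in by the caller instead of being looked up over DNS.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)


@dataclass
class Greylist:
    """Hypothetical greylister state; not taken from any real MTA or milter."""
    first_seen: dict = field(default_factory=dict)      # triplet -> first attempt time
    trusted_domains: set = field(default_factory=set)   # domains promoted after an SPF pass

    def check(self, ip, sender, rcpt, now, spf_pass=False, dnswl_listed=False):
        """Return 'accept' or 'defer' for one RCPT TO attempt.

        spf_pass:     caller's SPF result for (ip, sender domain)
        dnswl_listed: caller's DNS whitelist result for ip
        """
        # Null sender or malformed address yields no domain to promote.
        domain = sender.rpartition("@")[2].lower() if "@" in sender else ""

        # Shortcut 1: the client IP already has a whitelist reputation.
        if dnswl_listed:
            return "accept"

        # Shortcut 2: the domain has passed before, and SPF ties this IP to it.
        # Without the SPF pass, a forged sender domain gets no benefit.
        if spf_pass and domain in self.trusted_domains:
            return "accept"

        triplet = (ip, sender.lower(), rcpt.lower())
        seen = self.first_seen.setdefault(triplet, now)
        if now - seen < GREYLIST_DELAY:
            return "defer"  # answered with a 4xx; a real MTA queues and retries

        # The sender retried after the delay. Promote the whole domain only
        # when SPF authenticated this server for it.
        if spf_pass and domain:
            self.trusted_domains.add(domain)
        return "accept"
```
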
