For those of you who want to experiment I've created a new dnsrbl list
of IP addresses and host names that use QUIT to close connections and
those who do not use QUIT. I have found that there are a few legitimate
senders who are skipping using QUIT to close.

Here are the rules. I have about 5 days of data. Every 6 hours I scroll
the list losing the oldest 6 hours. To be in the QUIT list the IP had to
at least close with QUIT one time. To be in the NOTQUIT list the IP had
to do 10 connects with NOTQUIT (timeout) and no QUITs.

The list can be read at:

    quit.junkemailfilter.com

returns
    127.0.0.1 = quit
    127.0.0.2 = notquit

I'm making some use of this but I'm opening this up for others who might
want to mess with this data. I'm interested in feedback on this.
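
The listing rules described in the post, as an added example that is not part of the original message and is not the list operator's code: a rolling window of 6-hour buckets classifies each IP as quit, notquit, or unlisted. The class name `QuitTracker`, the bucket layout, and the reading that both thresholds apply across the whole 5-day window are assumptions; the sample IPs are constructed.

```python
from collections import Counter, deque

WINDOW_BUCKETS = 20      # 5 days / 6 hours, from the post's numbers
NOTQUIT_THRESHOLD = 10   # sessions ending without QUIT needed for "notquit"
ANSWER = {"quit": "127.0.0.1", "notquit": "127.0.0.2"}  # codes from the post


class QuitTracker:
    """Hypothetical rolling window of per-IP session endings."""

    def __init__(self):
        # maxlen makes append() discard the oldest bucket once the window is full
        self.buckets = deque([self._new()], maxlen=WINDOW_BUCKETS)

    @staticmethod
    def _new():
        return {"quit": Counter(), "notquit": Counter()}

    def record(self, ip, sent_quit):
        """Count one finished SMTP session in the current bucket."""
        self.buckets[-1]["quit" if sent_quit else "notquit"][ip] += 1

    def rotate(self):
        """Call every 6 hours: open a new bucket, losing the oldest."""
        self.buckets.append(self._new())

    def classify(self, ip):
        """Return 'quit', 'notquit', or None (not listed)."""
        quits = sum(b["quit"][ip] for b in self.buckets)
        drops = sum(b["notquit"][ip] for b in self.buckets)
        if quits >= 1:
            return "quit"        # a single QUIT in the window is enough
        if drops >= NOTQUIT_THRESHOLD:
            return "notquit"     # 10 or more drops and no QUIT at all
        return None

    def answer(self, ip):
        """Address the zone would return for ip, or None for no record."""
        return ANSWER.get(self.classify(ip))


if __name__ == "__main__":
    t = QuitTracker()
    for _ in range(10):
        t.record("192.0.2.10", sent_quit=False)   # constructed sample IP
    t.record("192.0.2.20", sent_quit=True)        # constructed sample IP
    print(t.answer("192.0.2.10"), t.answer("192.0.2.20"))
```

Under these rules a single QUIT anywhere in the window overrides any number of timeouts, so an IP moves from notquit to quit immediately and only moves back once that QUIT has aged out.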