Randy a écrit : > mouss wrote: >> Ned Slider a écrit : >> >>> Randy wrote: >>> >>>> Ken A wrote: >>>> >>>>> Randy wrote: >>>>> >>>>> Are you sure it's not spam bounces (joe job)? >>>>> This is more common than a spam attack >>>>> Ken >>>>> >>>>> >>>> Yeah we get those in spurts, but this appears to not be the case. We >>>> are getting thousands of connects from non MX hosts and many are >>>> blocked at the smtp layer by our mail server. The connecting hosts are >>>> non valid MXes which many do not resolve, are listed in Spamhaus and >>>> use fake HELO all sending to a single e-mail address. >>>> >>>> >>> If that's the case then I guess there's not a lot you do about it other >>> than suck up the volume. About the only thing I can think of is to add a >>> check_recipient_access entry for that e-mail address to specifically >>> reject the mail before it gets as far as your RBL checks in postfix. At >>> least then you could save a bunch of hits against Spamhaus and reject >>> the mail as early as possible in the smtp process. >>> >>> >> >> and even return a 421 so that the connection is closed immediately. >> > 421 or 554? > I think 554 is the smtp server default code.
with any code except 421, the server will wait for the client to send a QUIT. With 421, the server drops the connection immediately. This way, you don't lose resources and you don't accept mail to other recipients from the guilty transaction.
