Am 14.11.2014 um 14:43 schrieb David F. Skoll:
On Fri, 14 Nov 2014 13:35:34 +0100 Reindl Harald <h.rei...@thelounge.net> wrote:*but* it makes a ton of troubles for large *legit* sending clusters which often after a 4xx reject handover that mail to a different node and so get again a 4xxWith very little loss of effectiveness, you can modify the algorithm so that if an IPv4 address passes greylisting, you avoid greylisting anything in the /24 containing that IP address. That can help legitimate clusters quite a bit while only slightly increasing the risk from botnets.
indeed a good idea
RBL reject or hand it over to the smtpd daemon - after some months you will see the amount of botnet connections going down at all because it harms them waste 10 seconds for each delivery attemptI don't agree with that contention. Botnet operators have so many resources at their disposal that I doubt they care about or even notice any sort of delaying or tarpitting.
they don't because they have not much time for a bot until it gets blacklisted - i see a drop down from 50000 to 5000 attempts per day after postscreen replaced a Barracuda appliance
if they would have that much ressources postscreen even without RBL's would not be that effective because they don't wait until their turn to speak most of the time and so have no chance for delivery - the 13407 pregreets this month are "hurry up i have no time zombies"
Blacklist: 75009 Pregreet: 13407
signature.asc
Description: OpenPGP digital signature
