On 30.11.2015 at 19:35, John Hardin wrote:
> On Mon, 30 Nov 2015, David B Funk wrote:
>
>> These "snowshoe" spams are a bit difficult to nail because they keep hopping around. After a day or two they're listed in various RBLs (both for the IP and URL hostname) but they rarely sit still long enough for that to help much.
>
> In that vein: is your environment such that you can implement greylisting and delay accepting mails from new correspondents for a bit, to allow the RBLs to recognize them? This will also cut down on spammers that don't do retry

additionally: try to put greylisting after dnswl's and spf-policyd in the MTA - that won't slow down regular traffic and big senders which often retry with different outgoing servers

so you have both:

* killed clients which don't retry
* spambots which retry likely on more blacklists the next time
* minimized bad impact for regular mail-flow
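
The check order described in the reply above, modelled as an added Python example (not from the thread and not any MTA's own code). It assumes a DNSWL hit accepts immediately, an SPF fail rejects, and greylisting keys on the (client IP, sender, recipient) triplet with a 300-second delay; `Policy`, `replay`, `demo` and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

GREYLIST_DELAY = 300  # seconds a new triplet must wait (assumed value)

@dataclass
class Policy:
    dnswl: set            # client IPs on a DNS whitelist (constructed)
    spf_fail: set         # (ip, sender domain) pairs failing SPF (constructed)
    rbl_listed_at: dict   # ip -> time the IP first appears on an RBL (constructed)
    first_seen: dict = field(default_factory=dict)  # greylist triplet -> first attempt

    def check(self, ip, sender, rcpt, now):
        """Decide one RCPT TO at time `now` (seconds); returns an SMTP-style reply."""
        # RBL lookup runs on every attempt, so a retry meets fresher listings.
        if now >= self.rbl_listed_at.get(ip, float("inf")):
            return "554 rejected: client listed on RBL"
        # DNSWL hit: accept at once, whichever outgoing server was used.
        if ip in self.dnswl:
            return "250 accepted: DNSWL"
        # SPF failure is rejected before a greylist entry is ever created.
        if (ip, sender.rsplit("@", 1)[-1]) in self.spf_fail:
            return "550 rejected: SPF fail"
        # Greylisting last: only unknown clients are delayed.
        seen = self.first_seen.setdefault((ip, sender, rcpt), now)
        if now - seen < GREYLIST_DELAY:
            return "450 deferred: greylisted"
        return "250 accepted: greylist passed"

def replay(policy, attempts):
    """Return the reply codes for a sequence of (ip, sender, rcpt, now) attempts."""
    return [policy.check(*a)[:3] for a in attempts]

def demo():
    # All addresses are constructed documentation values (RFC 5737 / RFC 2606).
    p = Policy(dnswl={"192.0.2.10", "192.0.2.11"},
               spf_fail={("203.0.113.9", "example.org")},
               rbl_listed_at={"198.51.100.7": 400})
    rcpt = "user@example.net"
    return {
        "big sender, two servers": replay(p, [("192.0.2.10", "news@example.com", rcpt, 0),
                                              ("192.0.2.11", "news@example.com", rcpt, 60)]),
        "new correspondent": replay(p, [("198.51.100.20", "a@example.com", rcpt, 0),
                                        ("198.51.100.20", "a@example.com", rcpt, 600)]),
        "snowshoe, retries": replay(p, [("198.51.100.7", "x@example.com", rcpt, 0),
                                        ("198.51.100.7", "x@example.com", rcpt, 600)]),
        "forged sender": replay(p, [("203.0.113.9", "b@example.org", rcpt, 0)]),
    }

if __name__ == "__main__":
    for name, codes in demo().items():
        print(f"{name}: {codes}")
```

A client that never retries stops at the first `450`, which is the first outcome in the list above.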