On Sun, 7 Jul 2002, Derrick 'dman' Hudson wrote:
> That was more than likely a single connection. There is a max rcpts
> option, but I think it only applies to successful recipients.
>
> You could accept all rcpts at RCPT time and reject/bounce the message
> later. If the attacker is merely trying to build a spam list and
> quits before DATA, then you've just given a whole list of "verified"
> but bogus addresses to them.
Bummer. That's annoying.
> Hmm, with a host like that they may be in the DUL. If you want you
> can reject mail from DUL-listed hosts and tell them to use their ISP's
> smarthost instead.
Hmmm... might be worth the trouble to fill out the MAPS form for
individual sites then.
> I keep getting hit from a DSL-connected spammer in spain, and in
> addition to my address they also try "ga16040" and
> "ga11581@???". Repeatedly. No amount of rejection makes
> them go away. Since their spam got through SA, I added their host to
> a reject list. (If you want it : 217.127.31.182 , 217.125.79.217)
> They still won't go away. At least I'm not crunched for that
> bandwidth =p. (If I was I'd add them to my nimbda-based IP-level
> blocking.)
Too bad. The Spanish (almost wrote "Spammish") ISP won't take action
against their customer?
