On Fri, 22 Aug 2003 19:50:58 -0400 Wakko Warner <wakko@???> wrote:
> > for some time, i've been mechanically doing all of my acl stuff in the
> > recipients check, based on conventional wisdom that 5xx gets listened
> to
> > best after RCPT TO:
> I've heard this as well. If there is a host that bangs on my server, I
> drop
> their IP into my firewall.
my server is in colo, there is no firewall. for clients of mine that have
firewalls, i do try and choke off bad remote hosts as early as possible.
...
> I'd prefer to put ones like this into the connect acl.
good idea. i've only just started considering alternative acl placements
for rules.
> Might not be a bad idea to temporarily firewall out anyone who HELOs
> with a
> name that doesn't have a dot (only due to sobig). I've seen tons of
> connections from the same host sending sobig
i think it's a good idea when you have control over a firewall. best i can
do is tcp wrappers (which i have done when i've gotten tired of looking at
certain connection requests in my rejectlog.)
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
