> > > for some time, i've been mechanically doing all of my acl stuff in the > > > recipients check, based on conventional wisdom that 5xx gets listened
> > to
> > > best after RCPT TO:
>
> > I've heard this as well. If there is a host that bangs on my server, I
> > drop
> > their IP into my firewall.
>
> my server is in colo, there is no firewall. for clients of mine that have
> firewalls, i do try and choke off bad remote hosts as early as possible.
>
> ...
> > I'd prefer to put ones like this into the connect acl.
>
> good idea. i've only just started considering alternative acl placements
> for rules.
>
> > Might not be a bad idea to temporarily firewall out anyone who HELOs
> > with a
> > name that doesn't have a dot (only due to sobig). I've seen tons of
> > connections from the same host sending sobig
>
> i think it's a good idea when you have control over a firewall. best i can
> do is tcp wrappers (which i have done when i've gotten tired of looking at
> certain connection requests in my rejectlog.)
You can use IPCHAINS or IPTABLES to drop IP's, its simple to script somethng
that will block an IP for any length of time then reset it again
