>>>>> "Nigel" == Nigel Metheringham <Nigel.Metheringham@???> writes:
Nigel> * detect connections from ips on the SORBS DNSBLs and
Nigel> add a 90 second delay (hoping the spammers will give up)
Nigel> and a warning header.
If you are including the SORBS "spam" DNSBL in that check then you may
well get some false-positives, since some few ISPs do configure their
outgoing smarthosts with stupidly small timeouts and it's not uncommon
for ISP smarthosts to get listed on the SORBS spam list. That's about
the only case where I've had to drop a DNSBL from my "delay 80 seconds
if listed" check.
Known problem hosts for connect banner delay stuff include *.ops.us.uu.net,
smtp*.mts.net/mx*.mts.net, mx*.wvu.edu, and doubtless lots more that I've
not spotted. Some of these may only be sending bounces.
I currently delay the connect banner for hosts listed on any of the
following: CBL, DSBL, SPAMCOP, SPEWS, SBL or dul.dnsbl.sorbs.net
(only). I could change that to use the Spamhaus combined sbl-xbl list
in place of SBL and CBL separately, if I wanted to minimise lookups.
(CBL listed hosts are rejected at RCPT time even if they get past the
delay, unless they're mailing certain role accounts.)
--
Andrew, Supernews
http://www.supernews.com