Re: [exim] DENY vs. DROP

Top Page
This message is part of the following thread:
M+--+\the complete thread tree sorted by date
MM+\MMWakko Warner at <-
MMMMM 
Delete this message
Reply to this message
Author: Edgar Lovecraft
Date:  
To: Exim Users Mailing List
Subject: Re: [exim] DENY vs. DROP
Peter Bowyer wrote:
>
..[snip]...
>
> > It's my understanding that DROP just drops the connection, while DENY
> > issues an error and allows the connection to stay up until the
> > session ends. The former is what you'd do if you you knew you had a
> > spammer, but the latter is more civil
>
> That's a correct description of the behaviour, but I believe it's an
> incorrect conclusion. Dropping the connection can cause some brands of
> spamware to retry very hard indeed, whereas issuing a simple deny will
> cause it to move on quickly.
>

It has been my personal experience that deny's are better than drop's
in all but the connect acl. I also know that some use delay's before
they drop or deny or in some cases accept, I have also found that this
practice causes lots of problems. So any more, I do not use the delay
statment, and I only drop a connection in the connect acl, everything
just gets deny until they give up, and yes, I have my systems set up
so that after a certain point, every command they client gives, gets a
deny (well, at least any MAIL, RCPT, DATA, HELO, or AUTH command).

--

--EAL--

--




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] log_message in accept ACLs (Sorry about the "blank" mails")Re: [exim] tnef attachments->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)