Autor: Edgar Lovecraft Data: Para: Exim Users Mailing List Asunto: Re: [exim] DENY vs. DROP
Peter Bowyer wrote: > ..[snip]... >
> > It's my understanding that DROP just drops the connection, while DENY
> > issues an error and allows the connection to stay up until the
> > session ends. The former is what you'd do if you you knew you had a
> > spammer, but the latter is more civil
>
> That's a correct description of the behaviour, but I believe it's an
> incorrect conclusion. Dropping the connection can cause some brands of
> spamware to retry very hard indeed, whereas issuing a simple deny will
> cause it to move on quickly.
>
It has been my personal experience that deny's are better than drop's
in all but the connect acl. I also know that some use delay's before
they drop or deny or in some cases accept, I have also found that this
practice causes lots of problems. So any more, I do not use the delay
statment, and I only drop a connection in the connect acl, everything
just gets deny until they give up, and yes, I have my systems set up
so that after a certain point, every command they client gives, gets a
deny (well, at least any MAIL, RCPT, DATA, HELO, or AUTH command).