Re: [exim] Defer as a spam filter

Alan J. Flavell wrote:

> As so often, "it depends on what you're trying to achieve".

Making all email go through, as fast as possible, with as little
overhead on my end as possible. :)

> Indeed, quite a few pump-and-dump spammers can be got rid of by simply
> delaying for somewhat over 60 seconds at the RCPT stage, without
> having to defer at all. Genuine MTAs usually cope with a delay of at
> least a couple of minutes, if not the whole 5mins recommended in the
> RFC.

I have learned that making assumptions about the remote hosts idea of
"RFC compliance" is not a good idea :)

> But of course it's an arms-race. If the majority of sites used these
> techniques, the spammers would have to find a way of overcoming them.
> The techniques only work as long as you're in the minority, so the
> spammers can't be bothered to put in the effort to overcome them.

If the majority of sites would use greylisting we'd all have to buy
bigger disks for our spool space. Did I mention that exim has a weakness
in handling large queues?

>>But I know that email admins in academia are nearly untoucheable.
>
> By no means: I get a steady trickle of complaints from our users about
> spam that leaked through, asking me to implement better defences.
> Plus just the occasional complaint about a false-positive rejection.

Sorry, I did not want to offend. I admit my comment was over-the-top. It
all depends on how you can afford to push a policy that is uncomfortable
for your users. The ones I relay email for prefer instant incoming
delivery over a few more genital enlargement messages. ;)

/tom