On Wed, Mar 16, 2005 at 05:54:37PM +0000, Jeremy Harris said:
> Renaud Allard wrote:
> >Hello,
> >
> >I just stumbled into a small idea for preventing spambots. As it seems
> >many spambots like to connect multiple time from the same IP at the same
> >time to the server. Each instance for only one mail delivery. This
> >implies the server is busy checking all the inputs from this very same
> >IP.
>
> As others have said, not quite enough. Correlating with mutating-HELO
> is currently a good tactic though. I'm doing this, triggered by
> a helo-verify fail. Unfortunately, false-positives still include
> EBay and Amazon.
How are you doing this? storing $sender_helo_name in $acl_c0 or
something, and then comparing again? Cool - I like it.
--
--------------------------------------------------------------------------
| Stephen Gran | "So, will the Andover party have a cash |
| steve@??? | bar?" "No, there's free beer." "Uh-oh, |
| http://www.lobefin.net/~steve | Stallman's gonna be pissed..." |
| | -- overheard at the Bazaar, 1999 |
--------------------------------------------------------------------------
