Tony Finch wrote:
> On Sat, 12 Feb 2005, Andrzej Adam Filip wrote:
>
>>In short: "rejecting in greeting message" (5?? or 4??) can be used as a smart
>>way to hint "try your ISP relay".
>
> The problem with doing this is that it prevents people contacting your
> postmaster. This is why Exim installations usually implement all their
> policy-based rejections after RCPT.
The measure was suggested (only) for blocking mail from Dyna IPs.
As I wrote some MTAs (sendmail) will try configured fallback relays in
responce to 5?? *greeting*. 5?? reply to "RCPT TO:" will make all MTA to
stop any further delivery attemts (to this recipient).
Blocking dynamic IPs is a very good measure for preventing spam, mail
viruses outbreaks hitting server performace, DDoS attacks.
In greeting blocking of Dyna IP is not perfect but (IMHO) it is better than
after "RCPT TO:" blocking. Your mileage may vary.
Take a look about rfc-ignorant *current* stance about blocking postmaster
due to RBL listing:
<quote src="
http://rfc-ignorant.org/policy-postmaster.php ">
* After careful consideration, there seemed to be a consensus among users
that use of blacklists, etc., did not meet the "narrowly tailored"
requirements for blocking mail to postmaster, but that it would be
undesirable to list sites simply for employing the MAPS RBL and such on
their postmaster address. It was decided that we wouldn't list folks if the
rejection message for postmaster seemed to indicate the reason for denial
("{ip} rejected as listed on the MAPS RBL", etc.)
</quote>
--
[en: Andrew] Andrzej Adam Filip : anfi@??? : anfi@???
http://anfi.homeunix.net/ Netcraft Site Rank: 480164
All that is necessary for the triumph of evil is that good men do nothing
-- Edmund Burke (1729-1797)