Re: [exim] slowing spammers with iptables -m recent

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan J. Flavell
Date:  
À: Exim users list
Sujet: Re: [exim] slowing spammers with iptables -m recent
On Sun, 27 Nov 2005, Tony Godshall (replying to me):

> > I'd recommend blocking patterns of dynamic/generic IP addresses at
> > RCPT time, such as this adsl-63-195-120-242.dsl.snfc21.pacbell.net
> > (wildcards or regexes can be useful, also there are dnsRBLs that you
> > can use). Then you won't need to get as far as verifying their
> > envelope sender domain.
>
> Oh, that one *is* a problem. I have a static ip myself, but
> it's dhcp-configured by my cable company, quite likely in
> the middle of a dynamic block. People who follow advice
> like like yours are blocking legit people like me. Like
> freakin Verizon does.


Well, I'm sorry, but your categorisation of "legit" is unfortunate:
the truth is that you're going to find increasing numbers of potential
recipients who will refuse mail on that basis, no matter how "legit"
you consider yourself to be.

I'd recommend reading news.admin.net-abuse.blocklisting on usenet for
a while, to get the general flavour of what's discussed there.

I'm afraid I categorise such senders as "otherwise-bona-fide", and
they may need to make contact first with the postmaster address so as
to get their offering IP whitelisted, before they can reach normal
recipient addresses. That's nothing to do with personal prejudice,
but merely a statement of fact on today's hostile Internet.

For a free-er exchange of mail, you should be using a reliable
smarthost (assuming that you are unable to get your own IP address
"properly" registered to the satisfaction of the mail admin
community). That's just the way that things are - irrespective of
what I might think or say personally about the matter.

> > Rejections done any earlier than the RCPT phase take away the option
> > for some otherwise-bona-fide correspondent to get a mail through to
> > your postmaster address if you accidentally block them.


You see - there's that term again ;-)

good luck