> > > #reject for 40 seconds each time we get a smtp_penalty_box hit
> > > iptables -A INPUT \
> > > -m recent --name smtp_penalty_box --rcheck --seconds 40 \
> > > -j DROP
...
> > We do something not entirely unlike this with an ACL.
> >
> > defer condition = ${if and {{! def:acl_c2} \
...
> > If you're starved for resources you might not want to do this since
> > you might be holding on to a lot of connections from spammers. We
> > haven't found this to be much of a problem, however, since I suspect
> > that a lot of spammers break the connection when they're not allowed
> > to send mail at the rate they want.
> >
> > I think this is a neat trick, but I can't take credit for it. Kjetil
> > Homme is the one that came up with it.
>
> Outstanding. Thank you sir.
Turns out the wheel I was trying to invent is called
"greylisting" and was already well invented and implemented
in the form of greylistd...
http://packages.debian.org/unstable/mail/greylistd
http://projects.puremagic.com/greylisting/
It doesn't tarball the spammers but it does slow bad actors
and prioritize good actors. It's working great.
Thanks all who responded.
T
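The greylisting behaviour mentioned above (temporarily reject the first attempt from a new client/sender/recipient triplet, accept the retry once a delay has passed) as an added, self-contained example. This is not code from the thread, from greylistd, or from the puremagic project; the class name, the 300-second delay, the 4-hour retry window and the sample addresses are all assumptions chosen for illustration.

```python
import time


class Greylist:
    """Minimal greylisting policy keyed on (client_ip, sender, recipient).

    delay:        seconds a triplet must wait before a retry is accepted
    retry_window: seconds after first sight within which a retry still counts
    now:          clock function, injectable so the policy can be tested offline
    """

    def __init__(self, delay=300, retry_window=4 * 3600, now=time.time):
        self.delay, self.retry_window, self.now = delay, retry_window, now
        self.seen = {}       # triplet -> timestamp of first attempt
        self.whitelist = {}  # triplet -> timestamp it was accepted

    def check(self, client_ip, sender, recipient):
        """Return "accept" or "defer" (the latter maps to a 4xx SMTP reply)."""
        triplet = (client_ip, sender.lower(), recipient.lower())
        t = self.now()
        if triplet in self.whitelist:
            return "accept"
        first = self.seen.get(triplet)
        if first is None or t - first > self.retry_window:
            self.seen[triplet] = t   # new, or the old entry expired: start over
            return "defer"
        if t - first < self.delay:
            return "defer"           # retried too soon; a real MTA backs off
        self.whitelist[triplet] = t
        return "accept"


def simulate():
    """Replay a constructed sequence of delivery attempts on a fake clock."""
    clock = [0.0]
    gl = Greylist(delay=300, retry_window=4 * 3600, now=lambda: clock[0])
    log = []

    def attempt(ip, sender, rcpt, at):
        clock[0] = at
        log.append((at, ip, gl.check(ip, sender, rcpt)))

    # Well-behaved MTA: deferred once, retries ten minutes later, accepted.
    attempt("203.0.113.10", "alice@example.org", "bob@example.net", 0)
    attempt("203.0.113.10", "alice@example.org", "bob@example.net", 600)
    # Sender that hammers the server: every retry lands inside the delay.
    attempt("198.51.100.7", "x@spam.example", "bob@example.net", 0)
    attempt("198.51.100.7", "x@spam.example", "bob@example.net", 5)
    attempt("198.51.100.7", "x@spam.example", "bob@example.net", 12)
    # Sender that never retries: a single deferral and nothing is delivered.
    attempt("198.51.100.9", "y@spam.example", "carol@example.net", 30)
    return log
```

Only the decision list is kept in memory here; a production deployment would persist the tables and expire whitelist entries, which greylistd handles for you.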