Author: Marc Sherman Date: To: exim-users Subject: Re: [exim] Deny vs. Drop
Dean Brooks wrote: >
> Even if you know positively that the sender is a spammer, their SMTP
> service will keep reconnecting over and over for each additional
> message (if dropped at MAIL/DATA) or recipient (if dropped at RCPT)
> that is still queued.
That's true for real SMTP servers. It's false for most zombie farms,
which typically run broken hacks that only vaguely resemble an SMTP server.
So in general, the question that you need to answer to decide if you
should drop or deny isn't, "Is this message spam?" but rather, "Is this
sender a zombie?"
Dropping connections for a real SMTP server will result in higher load,
as the server will just reconnect to send the next RCPT/MAIL in its
queue. Dropping connections for zombies, on the other hand, will result
in lower load, as the zombie generally won't change their behaviour in
response to yours.