Re: [exim] Deny vs. Drop

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDean Brooks at <-
MMarc Sherman at ->
Delete this message
Reply to this message
Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] Deny vs. Drop
Dean Brooks wrote:
>
> Even if you know positively that the sender is a spammer, their SMTP
> service will keep reconnecting over and over for each additional
> message (if dropped at MAIL/DATA) or recipient (if dropped at RCPT)
> that is still queued.

That's true for real SMTP servers. It's false for most zombie farms,
which typically run broken hacks that only vaguely resemble an SMTP server.

So in general, the question that you need to answer to decide if you
should drop or deny isn't, "Is this message spam?" but rather, "Is this
sender a zombie?"

Dropping connections for a real SMTP server will result in higher load,
as the server will just reconnect to send the next RCPT/MAIL in its
queue. Dropping connections for zombies, on the other hand, will result
in lower load, as the zombie generally won't change their behaviour in
response to yours.

- Marc



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Mainlog FileRe: [exim] Deny vs. Drop->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)