Re: [exim] Using GeoIP to block spammers - anyone?

Pàgina inicial
Delete this message
Reply to this message
Autor: Chris Lightfoot
Data:  
A: Odhiambo G. Washington, exim-users
Assumpte: Re: [exim] Using GeoIP to block spammers - anyone?
On Fri, Jun 23, 2006 at 10:40:25PM +0300, Odhiambo G. Washington wrote:
    [...]

>              What I want is to reduce the processing consequent
> upon spammer transaction, because again, I have disabled spam
> filtering on the hidden box, instead doing it on the new MX. That
> new MX is listed as the "highest priority", so everyone delivering
> mail by MX should be connecting to it.


ok. so any legitimate connections are from customers who
will either (a) be connecting from a legitimate IP range;
or (b) will authenticate before trying a mail transaction.
So can you not, in the MAIL FROM ACL, drop the connection
immediately if the user is not in classes (a) or (b)? Or
are there MUAs which try MAIL FROM and only then
authenticate? The overhead of doing this should be minimal
-- the typical spammer would issue ``HELO whatever'', then
``MAIL FROM: <whatever>'', and would immediately have the
connection dropped. Or you could reject the MAIL FROM:
command -- I assume that would have the same effect.

(I'm not sure how to drop the connection immediately in an
ACL -- I thought there might be a control command to do
it, but in extremis you could, e.g., write a perl function
that exits the current process, though that's ghastly.)

--
``... Traverse the curve, carrying a spear, in a time less
than that it takes for a lion to walk its own length.''
(How To Hunt A Lion: the Peano method)