Re: [exim] Using GeoIP to block spammers - anyone?

Top Page
Delete this message
Reply to this message
Author: Chris Lightfoot
Date:  
To: Odhiambo G. Washington, exim-users
Subject: Re: [exim] Using GeoIP to block spammers - anyone?
On Sat, Jun 24, 2006 at 01:18:05PM +0300, Odhiambo G. Washington wrote:
> * On 23/06/06 21:07 +0100, Chris Lightfoot wrote:

    [...]

> | So can you not, in the MAIL FROM ACL, drop the connection
> | immediately if the user is not in classes (a) or (b)? Or
> | are there MUAs which try MAIL FROM and only then
> | authenticate?
>
> They use all sorts of MUAs.


ok -- but it should be possible to find out from the logs
whether any of them ever send MAIL FROM before
authenticating, and therefore whether the above approach
would block any legitimate user.

> | The overhead of doing this should be minimal -- the typical
> | spammer would issue ``HELO whatever'', then
> | ``MAIL FROM: <whatever>'', and would immediately have the
> | connection dropped. Or you could reject the MAIL FROM:
> | command -- I assume that would have the same effect.
>
> So basically, you are saying that I should forget about dropping
> the connections at acl_smtp_connect and instead shift to either
> acl_smtp_helo or acl_smtp_mail, yes?


exactly.

-- 
``Acts of violence do not help, [whichever] part
  of the world they might take place in....''    (John `Two Jabs' Prescott)