Re: [exim] Rejecting directly connected customers at connect …

Author: Andreas Pettersson
Date:  
To: exim users
Subject: Re: [exim] Rejecting directly connected customers at connect time
W B Hacker wrote:

>Andreas Pettersson wrote:
>
>
>>Might I end up with some
>>unexpected problems? Are the regexes matching the end users and do their
>>ISP's really serve them with mail gateways?
>>
>>
>
>You need not worry about that part.
>
>Many senders NOT using the ISP's MTA are zombies. They don't read.
>
>Most of the others are folks who believe that if they can tick a box, their machine
>can be an MTA. They *won't* read, they'll either cry 'unfair', blame the system,
>or both.
>
>

Well, that's their problem ;)

>'unexpected..'
>
>While your list does have some of the more common offenders, you will need a
>list of perhaps 200-500 to stop 60-70% of such misbehaviour, and 600-2,000 to
>stop 95%+ of it. Or so we see after 'mining' a year's worth of logs and running
>such a list for many months.
>
>As I say often here - your traffic pattern may be very different from some other
>mx, ours *especially*.
>
>

I have been monitoring my logs for a while now, and only these major 5
or 6 'farmers' stand behind at least 30-40% of my incoming junk.
Killing these at connect time will save some spam scanning resources
later on. For me, that is.

>There may be some further opportunity to seek the 'smell' of dynamic IP in the
>prefix, *independent* of the domain.tld. IOW *any* appearance of 'pool', 'dial',
>'dyn', 'res', 'adsl', and so on.
>
><snip>
>
>OTOH, before we get this far, we have already dropped arrivals that do not pass
>forward/reverse lookup, have no DNS entry at all, so don't have to check every
>arrival against these lists. Far from it!
>
>

God, I would love to have my setup like that. Unfortunately my users are
receiving legit mail from far too many braindead mail server setups,
and the morality among those admins is "It's working so why care about
rdns?".
Me rejecting them would result in something like "Hey, we have no
problem sending mails to everyone else, it's your setup that is faulty".

Anyway, thanks for sharing your thoughts on this issue :)

Regards,
Andreas
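
The prefix-token idea and the two rDNS policies discussed above, as an added example that is not part of the original message or of Exim itself. The function names, the two-label domain assumption and the hostnames used with it are hypothetical and constructed for illustration; the token list is the one quoted in the thread.

```python
import re

# Tokens named in the thread as hints of a dynamically assigned address.
DYNAMIC_TOKENS = ("pool", "dial", "dyn", "res", "adsl")

# A token counts only when it is not embedded in a longer word, so "res"
# matches "res-10-2" but not "express". Longer forms such as "dynamic"
# would have to be listed as their own entries.
_TOKEN_RE = re.compile(r"(?<![a-z])(?:%s)(?![a-z])" % "|".join(DYNAMIC_TOKENS))


def host_prefix(hostname, domain_labels=2):
    """Return the labels to the left of the domain.tld part, lowercased.

    Assumption: the domain is the last `domain_labels` labels; names under
    suffixes like co.uk would need a public-suffix list instead.
    """
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[:-domain_labels])


def looks_dynamic(hostname):
    """True when the prefix carries a dynamic-IP token, whatever the domain."""
    return bool(_TOKEN_RE.search(host_prefix(hostname)))


def connect_decision(rdns_name, fcrdns_ok, require_rdns=False):
    """Return "reject" or "accept" for a connecting host.

    rdns_name is the PTR name, or None when the address has none.
    fcrdns_ok says whether that name resolves forward to the same address.
    A PTR name that fails this check is set by whoever runs the reverse
    zone, so it is treated like a missing name and never pattern-matched.
    require_rdns=True is the strict policy (drop hosts without verified
    rDNS); False only rejects verified names that look dynamic.
    """
    if rdns_name is None or not fcrdns_ok:
        return "reject" if require_rdns else "accept"
    return "reject" if looks_dynamic(rdns_name) else "accept"
```

Matching on token boundaries rather than bare substrings is what keeps a short token like 'res' from rejecting legitimate names that merely contain it.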