Author: W B Hacker Date: To: exim users Subject: Re: [exim] What's up ith the uceprotect blacklist?
Craig Whitmore wrote:
>>Many folks treat a sender-verify callout as a probe.
>>Many more don't respond in a useful or timely way.
>>
>>We *have* given it up.
>
>
> I've started to use callouts and I personally find they work quite well
> except for people who insist on sending out emails from invalid address so
> I've had to whitelist a few things like noreply@ etc. Also there are broken
> SMTP Servers which don't accept bounces (so I report them to rfc-ignorant).
> Most of the time I can contact the owners of the mail servers and get them
> to fix their broken mail servers.
>
> Thanks
>
>
At least at one time (I am NOT current) AOL, IIRC was 'claiming to' treat the
connect-query-abort-without-traffic callout sequence as a probe and blacklisting
the source. Dunno if they actually *did* do so, but we don't need to find out,
so ..
OTOH, any 'fixed base' spammer with 'proper' DNS entries, or a DynDNS resolver
service, can easily configure so as to 'verify' any address queried, hosted or not.
The majority of bogus 'senders' seem to come off of bogus servers, that do NOT
have these credentials, so forward/reverse lookup, HELO mismatch, and dynamic-IP
RBL hits - which are at least cached/cachable - are already a pretty good
indicator.
All manner of hits here are posted to .csv files and/or PgSQL DB table from
which we generate our own 'recently rude' local BL - not of the whole world, but
of the ones that have targeted *our* servers.
