--On 10 November 2006 10:31:38 +0000 Clive Goodhead <clive@???> wrote:
> For some months now we have used a HELO ACL to delay by
> 35 seconds all connections with suspicious looking HELOs.
> This is very effective at reducing the amount of spam
> that our servers receive, while not preventing "real"
> email getting through, because much of the current
> spamming software seems to drop the connection during the
> delay period.

Is 35 seconds really necessary? It will fall foul of sender verification
callouts, preventing you from sending messages to hosts that call out with
suspicious looking HELOs.

Have you experimented with shorter delays? Putting the delay at pre-data,
so that you can exempt your postmaster address?

Of course, the only resources you need to worry about are process count
(some systems have limits to the number of concurrent processes, so you
should find out what your limit is), and RAM. The waiting process won't
actually do any processing, disk access or network access.

> As our mail volumes get higher, however, I am beginning to
> be concerned about the load that all these delayed
> connections will place on our servers. At the moment it
> does not appear to be an issue, but I am looking for advice
> on whether or not it is likely to become a problem.
>
> Regards
>
> Clive Goodhead
> --
> ------------------------------------------------------------
> Cornwall Internet Limited
> Registered in England, registered number 3387326.
> Registered office: Montaza, Fore Street, Goldsithney,
> Penzance, Cornwall, UK.
> ------------------------------------------------------------
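
The pre-data placement suggested in the reply, as an added Exim configuration sketch that is not from either poster. The ACL names, the use of `acl_c0` and `acl_m0`, and the bare-IP HELO test (a constructed stand-in for the site's own "suspicious HELO" rule) are assumptions.

```exim
# Main configuration section: wire up the three ACLs (names are assumptions).
acl_smtp_helo    = acl_check_helo
acl_smtp_rcpt    = acl_check_rcpt
acl_smtp_predata = acl_check_predata

begin acl

acl_check_helo:
  # Only flag the connection here; do not delay yet.
  # Constructed stand-in test: HELO argument is a bare IP address.
  # Replace with the site's own suspicious-HELO conditions.
  warn    condition = ${if isip{$sender_helo_name}}
          set acl_c0 = 1          # connection-scoped flag
  accept

acl_check_rcpt:
  # Remember that this message has a postmaster recipient.
  # acl_m0 is message-scoped, so it does not leak into the next
  # message sent on the same connection.
  warn    local_parts = postmaster
          set acl_m0 = 1
  # ... the site's existing RCPT checks continue here unchanged ...

acl_check_predata:
  # Mail that includes postmaster as a recipient is never delayed.
  accept  condition = ${if eq{$acl_m0}{1}}
  # Flagged connections wait here, after RCPT and before DATA.
  # A callout that stops after RCPT never reaches this ACL, so it
  # is not held up by the delay.
  warn    condition = ${if eq{$acl_c0}{1}}
          delay = 35s
  accept
```

Each delayed connection still holds one Exim process for the length of the delay, so the process-count and RAM limits mentioned in the reply apply to this placement as well.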