Author: Marc Perkel Date: To: Martin A. Brooks CC: Exim users mailing list Subject: Re: [exim] Greylisting - using Exim new features - ratelimit with
noupdate
Martin A. Brooks wrote: > Marc Perkel wrote:
>> The idea behind this is that it requires the server be touched twice
>> in the proper order to get in. Spam bots try once and not in the
>> proper order. That's how the filter works.
>
> This is, effectively, an implementation of port knocking, a security
> practice I have yet to be convinced is worth the effort. I'm
> wondering how your implementation will deal with perfectly legitimate
> email coming from the many many SMTP sending engines that don't follow
> the standards.
>
>
I've been running in on 1600 domains for several months and not having
any false positives and botnet spam is almost 100% gone. And I say
almost because I'm conservative. I have not seen a single one of them in
months, but my new abuse reporting system is forwading 7000 spambot
abuse reports an hour.
If anyone here is tired of fighting spam and just wants the problem to
go away, email me privately and I can let any of you try it out and see
how it works.