Chris Edwards wrote:
> Anyone else noticing more concurrent incoming SMTP connections in the last
> couple of weeks?
>
> Chances are it's a buggy botnet, and has been discussed in various places
> including:
>
> http://blogs.msdn.com/tzink/archive/2007/09/01/new-spamming-tactic.aspx
>
> and I'm guessing is responsible for the recent "smtp_reserve_hosts" thread
> on exim-users.
>
> Suggestions seem to include lowering timeouts - which seems likely to
> break legit things.
>
> Perhaps it's time to switch our DNSBL etc tests from "deny" to "drop" mode.
> Is there any obvious downside to this? Do most folk use drop already?
>
I've noticed it. Especially since I'm doing a lot of Fake Rejects. Is
there a way to do a fake reject and a drop so that after the fake reject
I can force the connection closed?