On Sat, Feb 22, 2014 at 12:10:49PM -0600, Matt wrote:
> What if I want to block at connect time like right after HELO, EHLO or
> even before that?

Returning 5XX at connect time (server SMTP banner) is unwise:

- Postfix and various other MTAs will by default treat a 5XX
  banner as a temporary error condition, and will queue and retry.
  The reason is historically flawed 5xx responses from some servers
  when they're overloaded.

- You don't get to log the sender and intended recipients, so it is
  difficult to identify false positives in your logs when users
  report missing email.

If you return a 5XX "EHLO" response, the first objection goes away,
but the second remains. You should generally leave RBL processing
at the RCPT TO stage, so you can log rejected recipients.

--
Viktor.
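
An added example, not part of the original message: a small Python search over Postfix-style smtpd reject lines, showing why a rejection logged at the RCPT stage can be matched to a user's missing-mail report while one logged at connect time cannot. The log lines, the list name rbl.example.net and the function names are constructed for illustration.

```python
import re

# Constructed sample lines in Postfix smtpd log format (assumption: not taken
# from the original message; rbl.example.net is a placeholder DNSBL name).
SAMPLE_LOG = """\
Feb 22 12:01:07 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using rbl.example.net; from=<alice@example.org> to=<bob@example.com> proto=ESMTP helo=<mail.example.org>
Feb 22 12:03:41 mx postfix/smtpd[2107]: NOQUEUE: reject: CONNECT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using rbl.example.net; proto=SMTP
Feb 22 12:05:15 mx postfix/smtpd[2112]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using rbl.example.net; from=<carol@example.net> to=<bob@example.com> proto=ESMTP helo=<smtp.example.net>
"""

# Protocol stage, client host/IP and reply code of a reject record.
REJECT = re.compile(
    r"reject: (?P<stage>\w+) from (?P<host>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) "
)
# Envelope fields are only present once the client has sent them.
FIELD = re.compile(r"\b(from|to|helo)=<([^>]*)>")


def parse_rejects(log_text):
    """Return one dict per reject line; sender/rcpt are None if never logged."""
    records = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        rec = m.groupdict()
        fields = dict(FIELD.findall(line[m.end():]))
        rec["sender"] = fields.get("from")
        rec["rcpt"] = fields.get("to")
        records.append(rec)
    return records


def find_rejected_mail(records, sender, rcpt):
    """Rejections that can be tied to a specific missing-mail report."""
    return [r for r in records if r["sender"] == sender and r["rcpt"] == rcpt]


def unattributable(records):
    """Rejections with no envelope data: cannot be matched to any report."""
    return [r for r in records if r["sender"] is None or r["rcpt"] is None]


if __name__ == "__main__":
    recs = parse_rejects(SAMPLE_LOG)
    print(find_rejected_mail(recs, "alice@example.org", "bob@example.com"))
    print(unattributable(recs))
```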