Re: [exim] RBL Blocking

Top Pagina
Delete this message
Reply to this message
Auteur: Heiko Schlittermann
Datum:  
Aan: exim-users
Onderwerp: Re: [exim] RBL Blocking
On 22. Februar 2014 20:00:31 MEZ, Viktor Dukhovni <exim-users@???> wrote:
>On Sat, Feb 22, 2014 at 12:10:49PM -0600, Matt wrote:
>
>> What if I want to block at connect time like right after HELO, EHLO
>or
>> even before that?
>
>Returning 5XX at connect time (server SMTP banner) is unwise:
>
>    - Postfix and various other MTAs will by default treat a 5XX
>      banner as a temporary error condition, and will queue and retry.
>      The reason is historically flawed 5xx responses from some servers
>      when they're overloaded.

>
>    - You don't get to log the sender and intended recipients, so it is
>      difficult to identify false positives in your logs when users
>      report missing email.

>
>If you return a 5XX "EHLO" response, the first objection goes away,
>but the second remains. You should generally leave RBL processing
>at the RCPT TO stage, so you can log rejected recipients.


And I'm not sure, but I think, you should not block messages to postmaster. To achieve that, you have to wait for RCPT.

Rejecting with 5xx at SMTP connect is about the same as a TCP reject, as Viktor says, most MTA will retry later or at your fall back MX.

(But spam senders won't care, so probably it helps. Remains the postmaster issue as a reason to wait for the RCPT.)

--
Heiko Schlittermann (unterwegs)