On 6/8/2017 10:54 AM, Richard James Salts via Exim-users wrote:
> On Thursday, 8 June 2017 9:21:21 AM AEST Jerry Stuckle wrote:
>> On 6/8/2017 4:54 AM, Graeme Fowler via Exim-users wrote:
>>> On 7 Jun 2017, at 22:12, Jerry Stuckle <jerry@???
> <mailto:jerry@smartechhomes.com>> wrote:
>>>> Yes, I understand that. But there isn't much I can do if the registrar
>>>> doesn't support the create date. That's why it returns -1 if the create
>>>> date cannot be found and the test is for 0 <= days <= 7.
>>>
>>> Aren't you just replicating the 'Day Old Bread' DNSBL here?
>>>
>>> Look at the check in SpamAssassin - URIBL_RHS_DOB. You could very likely
>>> just use a lookup type of dnsdb against that DNSBL instead of calling out
>>> to a script.
>>>
>>> Graeme
>>
>> Graeme,
>>
>> No, for two reasons. One is that it relies on an unreliable list - see
>> http://www.support-intelligence.com/dob/. Of course, it has been "in
>> beta" for years, but that doesn't mean it's reliable. I have disabled
>> it on our systems due to false positives in the past.
>>
>> The second is the list (if it worked) has a fixed five day range. This
>> test allows you to set the date range.
>>
>> Interestingly enough, mail logs show in the first five or so hours after
>> I implemented the change 33 emails were rejected. The last one was a
>> bit after 2300 UTC last night. We have had zero since that time. Most
>> days we would have had at least 50 overnight. Are the spammers actually
>> looking at rejections?
> Probably not rejections, but possibly slowness (e.g. https://serverfault.com/
> questions/350023/tc-ingress-policing-and-ifb-mirroring to limit the rate they
> can send to 300 bit/s or something).
>>
>> One can only hope :)
>>
>> Jerry
>
No, I don't believe it was slowness because the SPAM was not coming from
just one server or ISP. It was coming from many MTAs, all over the
world. Some might even have been compromised home computers used as
spam relays; I never dug that far.
Jerry
