On 24.07.2012 12:51, Joseph Tam wrote:
Morten Stevens mstevens@imt-systems.com writes:
So it is now RFC compliant. Anyway I think delaying mail traffic is not a good solution.
Well, OK, if you not keen on greylisting, you can try greet pausing, which introduces a shorter delay.
It tests a bot's patience by inserting a pre-HELO pause. RFC allows 5 minutes before timeout. This is last week's stat for one of my mail server and the count of early-talker or early-disconnecter, almost all of which are bots. A greet pause of over 20s dumps a lot of bots. Expect to whitelist the odd server here and there because they've tuned their servers to some aggressively small RFC non-compliant timeouts.
Yes, something like greet_pause (sendmail) or postscreen (without deep protocol tests) is a very good solution. In addition, several DNSBLs with different scores.
This could for example look like this: (for postfix users)
postscreen_dnsbl_threshold = 3 postscreen_dnsbl_action = drop postscreen_greet_action = enforce postscreen_dnsbl_sites = ix.dnsbl.manitu.net*3 b.barracudacentral.org*3 zen.spamhaus.org*3 dnsbl.njabl.org*2 bl.spameatingmonkey.net*2 bl.spamcop.net spamtrap.trblspam.com list.dnswl.org=127.[0..255].[0..255].0*-2 list.dnswl.org=127.[0..255].[0..255].1*-4 list.dnswl.org=127.[0..255].[0..255].[2..255]*-6
Best regards,
Morten