Jay Lee writes:
I have Courier configured to query the SBL-XBL list in order to block off some of the more flagrant spammers. What I see in my logs is a lot of this:
Apr 3 04:07:35 courier courieresmtpd: started,ip=[198.172.95.91]
Apr 3 04:07:43 courier courieresmtpd: error,relay=198.172.95.91,from=<[EMAIL PROTECTED]>,to=<[EMAIL PROTECTED]>: 511 http://www.spamhaus.org/SBL/sbl.lasso?query=SBL25510
Apr 3 04:07:43 courier courieresmtpd: error,relay=198.172.95.91,msg="502 ESMTP command error",cmd: DATA
Why does courieresmtpd wait until after mail from: and rcpt to: to do the rbl lookup? Couldn't it do it after the helo or even as soon as the smtp client starts the connection? According to my logs, courieresmtpd still isn't hanging up after the 511, spambots still try to send DATA. Is there a reason Courier doesn't forcefully drop the tcp connection after the 511?
If a spambot tries to attack you with multiple simultaneous connects, it is to your advantage to keep each connection open as long as you can, so that the spambot gets nailed by the limit on the maximum number of allowed connections from the same IP address.
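An added example, not part of the original thread and not Courier's own code: a small Python parser for the courieresmtpd log format quoted above. It counts connections and 5xx rejections per relay and lists relays that kept sending commands after being refused. The sample lines are constructed, and correlating by IP address alone is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format quoted above (documentation-range IPs,
# example.* addresses and a placeholder SBL id); not taken from a real server.
SAMPLE_LOG = """\
Apr 3 04:07:35 courier courieresmtpd: started,ip=[192.0.2.10]
Apr 3 04:07:36 courier courieresmtpd: started,ip=[192.0.2.10]
Apr 3 04:07:43 courier courieresmtpd: error,relay=192.0.2.10,from=<a@example.org>,to=<b@example.net>: 511 http://www.spamhaus.org/SBL/sbl.lasso?query=SBLnnnnn
Apr 3 04:07:43 courier courieresmtpd: error,relay=192.0.2.10,msg="502 ESMTP command error",cmd: DATA
Apr 3 04:08:01 courier courieresmtpd: started,ip=[198.51.100.7]
Apr 3 04:08:05 courier courieresmtpd: error,relay=198.51.100.7,from=<c@example.org>,to=<d@example.net>: 511 http://www.spamhaus.org/SBL/sbl.lasso?query=SBLnnnnn
Apr 3 04:08:09 courier courieresmtpd: started,ip=[203.0.113.5]
"""

STARTED = re.compile(r"courieresmtpd: started,ip=\[([^\]]+)\]")
REJECTED = re.compile(
    r"courieresmtpd: error,relay=([^,]+),from=<[^>]*>,to=<[^>]*>: (5\d\d) ")
CMD_ERROR = re.compile(
    r'courieresmtpd: error,relay=([^,]+),msg="\d{3} [^"]*",cmd: (\S+)')


def summarize(lines):
    """Per relay IP: connections, 5xx rejections, commands sent after a rejection."""
    stats = defaultdict(
        lambda: {"connects": 0, "rejections": 0, "cmds_after_reject": []})
    for line in lines:
        if m := STARTED.search(line):
            stats[m.group(1)]["connects"] += 1
        elif m := REJECTED.search(line):
            stats[m.group(1)]["rejections"] += 1
        elif m := CMD_ERROR.search(line):
            entry = stats[m.group(1)]
            # These lines carry no session id, so correlate by IP only (assumption).
            if entry["rejections"]:
                entry["cmds_after_reject"].append(m.group(2))
    return dict(stats)


def persistent_relays(stats):
    """Relays that kept issuing SMTP commands after being refused."""
    return sorted(ip for ip, s in stats.items() if s["cmds_after_reject"])


if __name__ == "__main__":
    for ip, s in summarize(SAMPLE_LOG.splitlines()).items():
        print(ip, s)
```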
