On 24.07.2012 12:51, Joseph Tam wrote:
> Morten Stevens <mstev...@imt-systems.com> writes:
>
>> So it is now RFC compliant. Anyway I think delaying mail traffic is not
>> a good solution.
>
> Well, OK, if you're not keen on greylisting, you can try greet pausing,
> which introduces a shorter delay.
>
> It tests a bot's patience by inserting a pre-HELO pause. RFC allows 5
> minutes before timeout.  This is last week's stat for one of my mail
> servers and the count of early-talker or early-disconnecter, almost
> all of which are bots.
>
> A greet pause of over 20s dumps a lot of bots. Expect to whitelist
> the odd server here and there because they've tuned
> their servers to some aggressively small RFC non-compliant timeouts.

Yes, something like greet_pause (sendmail) or postscreen (without deep protocol tests) is a very good solution. In addition, several DNSBLs with different scores.

This could for example look like this: (for postfix users)

postscreen_dnsbl_threshold = 3
postscreen_dnsbl_action = drop
postscreen_greet_action = enforce
postscreen_dnsbl_sites =
  ix.dnsbl.manitu.net*3
  b.barracudacentral.org*3
  zen.spamhaus.org*3
  dnsbl.njabl.org*2
  bl.spameatingmonkey.net*2
  bl.spamcop.net
  spamtrap.trblspam.com
  list.dnswl.org=127.[0..255].[0..255].0*-2
  list.dnswl.org=127.[0..255].[0..255].1*-4
  list.dnswl.org=127.[0..255].[0..255].[2..255]*-6

Best regards,

Morten
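
Added example, not part of the original message and not Postfix code: a simplified Python model of how the weights in the list above add up against postscreen_dnsbl_threshold. It assumes each entry whose filter matches at least one returned A record counts once; the DNS replies are constructed sample data and the helper names are hypothetical.

```python
import re

THRESHOLD = 3  # postscreen_dnsbl_threshold from the message
SITES = """ix.dnsbl.manitu.net*3 b.barracudacentral.org*3 zen.spamhaus.org*3
dnsbl.njabl.org*2 bl.spameatingmonkey.net*2 bl.spamcop.net spamtrap.trblspam.com
list.dnswl.org=127.[0..255].[0..255].0*-2
list.dnswl.org=127.[0..255].[0..255].1*-4
list.dnswl.org=127.[0..255].[0..255].[2..255]*-6""".split()

def parse_site(entry):
    """Split 'domain[=filter][*weight]'; the weight defaults to 1."""
    m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", entry)
    if not m:
        raise ValueError(f"bad entry: {entry!r}")
    domain, flt, weight = m.groups()
    return domain, flt, int(weight) if weight else 1

def octet_matches(pattern, octet):
    """Match one octet against a literal 'n' or a range '[lo..hi]'."""
    m = re.fullmatch(r"\[(\d+)\.\.(\d+)\]", pattern)
    if m:
        return int(m.group(1)) <= octet <= int(m.group(2))
    return int(pattern) == octet

def reply_matches(flt, reply):
    """An entry without a filter accepts any reply address."""
    if flt is None:
        return True
    pats = re.findall(r"\[\d+\.\.\d+\]|\d+", flt)
    octets = [int(o) for o in reply.split(".")]
    return len(pats) == 4 and all(map(octet_matches, pats, octets))

def score(replies):
    """replies: {dnsbl domain: [A records]}; a missing domain means not listed."""
    total = 0
    for domain, flt, weight in map(parse_site, SITES):
        if any(reply_matches(flt, r) for r in replies.get(domain, [])):
            total += weight
    return total

def verdict(replies):
    s = score(replies)
    return s, "drop" if s >= THRESHOLD else "pass"

if __name__ == "__main__":
    # Constructed replies: listed on Spamhaus, also on dnswl with last octet 1.
    sample = {"zen.spamhaus.org": ["127.0.0.4"], "list.dnswl.org": ["127.0.5.1"]}
    print(verdict(sample))
```

In this model a single hit on any weight-3 list reaches the threshold alone, while a dnswl.org entry can pull a listed client back under it.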
