Yes, I can connect to every other SMTP server I've tried to connect to from home (even AOL's if you can believe that). It is only hotmail's servers that I cannot connect to. The reverse DNS to my account at home shows it is a cable IP (ool-18beaed3.dyn.optonline.net).
From my IMGate config file, blocking by MTA:
/etc/postfix/mta_clients_bw.map:
dyn.optonline.net 554 ACL mta_clients_bw
ANY subdomain at or below dyn.optonline.net is blocked.
MS has probably observed the same as all of us who deal with MX traffic: how huge the abuse from the above network is.
Some operators like optonline, pacbell, attbi, aol.com have the brains or happy accident to set up their PTR records under consistent, recognizable subdomains, which makes it very easy to block by PTR hostname rather than by IP.
If you have regex available in your blocking rules, here's a list of PTR hostname node labels that I've harvested:
/(abo|docsis|dsl|client|dyn|dhcp|pool|cpe|host|cust|dial|access|in\-addr|arpa|cable|nombres|upc\-[a-z]|user|bri\-).*\..*\./ 554 ACL mta_clients_dul
abo = abonne = "subscriber" in France Telecom's WanAdoo ISP, their MTA's have "smtp"
nombres = numbers for the Spanish operators in Spain and S. America.
So the pattern would match PTR hostnames like:
(anything)label(anything).anything.anything
... including:
dyn.optonline.net
:))
To catch the false positives, change the 5xx fatal response code to a 4xx transient code so their MTAs will keep trying for a window of time in which you can whitelist, and the sender/recipient won't even be aware that they got blacked then whited.
But 4xx brings a problem in that some of these jerks' retry interval is anything from 1 minute to 10 mins, so one, single 4xx-rejected msg can come back and be rejected 100's of times in a short period.
Len
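Added example, not part of the original post or of IMGate: a Python check of the PTR-label pattern above against sample hostnames, showing both the intended hit and a false positive that the 4xx-then-whitelist approach is meant to catch. The function name, the 450 code and every hostname except the two optonline.net ones are constructed for illustration.

```python
import re

# The PTR-label alternation from the post. Postfix regexp tables match
# case-insensitively by default, hence re.IGNORECASE.
DUL_PATTERN = re.compile(
    r"(abo|docsis|dsl|client|dyn|dhcp|pool|cpe|host|cust|dial|access"
    r"|in\-addr|arpa|cable|nombres|upc\-[a-z]|user|bri\-).*\..*\.",
    re.IGNORECASE,
)


def classify(ptr_hostname, whitelist=(), transient=True):
    """Return (smtp_code, reason); smtp_code is None when the client is accepted.

    whitelist: domains accepted even if the pattern matches (hypothetical
    stand-in for a whitelist map consulted before the regex map).
    transient: answer 450 (assumed 4xx code) instead of 554 so a wrongly
    matched MTA keeps retrying while the operator whitelists it.
    """
    host = ptr_hostname.rstrip(".").lower()
    for domain in whitelist:
        # A whitelist entry covers the domain itself and anything below it.
        if host == domain or host.endswith("." + domain):
            return (None, "whitelisted")
    match = DUL_PATTERN.search(host)
    if match is None:
        return (None, "no match")
    return (450 if transient else 554, "label '%s'" % match.group(1))


if __name__ == "__main__":
    samples = [
        "ool-18beaed3.dyn.optonline.net",  # from the post: residential cable PTR
        "mail.example.com",                # constructed: ordinary MTA name
        "smtp.webhosting.example.com",     # constructed: legitimate MTA, hits "host"
        "dyn.example",                     # constructed: label present, only one dot after it
    ]
    for name in samples:
        print(name, classify(name))
    # After the operator whitelists the false positive, the retry is accepted.
    print(classify("smtp.webhosting.example.com",
                   whitelist=("webhosting.example.com",)))
```

Short labels such as "host", "user" and "access" also occur inside ordinary server names, which is why the matched label is returned alongside the code: it tells the operator which entries to review before switching back to 554.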
