On 18.06.23 at 18:53, Klaus Ethgen via mailop wrote:
> Hi,
>
> I have tightened my firewall a bit and seen many attacks from Microsoft
> (40.92.0.0/16).

Attacks or mail delivery attempts?

> They contact once from an IP and then never again. If I
> greylist them, they will try to deliver from a different address which
> gets greylisted again and so on.

How do you reject them? Using a 4xx temp error? Or some other mechanism, such as closing the connection prematurely? If you do it in the firewall, it might do something else than a normal greylisting mailserver would.

Microsoft's outgoing mailservers might try to distinguish between greylisting hosts and unreachable hosts, preferring to retry from a completely different IP when hosts are unreachable, under the assumption that it might be a routing issue.


> Could you please tell me how to handle that broken mail delivery? It
> triggers all, my mailserver attack filter as well as greylisting.

If it consistently breaks valid mail, it's probably your side that's broken :-)

Greylisting is something that only makes sense when dealing with very braindead ratware on hijacked home network connections. Any real outgoing MX, whether operated by legitimate organizations or by spammers, will retry and thus defeat the intent of greylisting. I would just drop greylisting from the list of effective anti-spam measures.

Cheers,
Hans-Martin
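
The behaviour discussed in this thread (each retry arriving from a different address inside 40.92.0.0/16) interacts with how a greylist keys its triplets: keyed on the exact client IP, a retry is never recognised; keyed on the containing network, it is. The sketch below is an added example, not code from the thread or from any particular greylisting daemon; the `Greylist` class, the sample addresses, the envelope addresses and the timings are constructed, and it assumes IPv4 clients only.

```python
import ipaddress


class Greylist:
    """Minimal in-memory greylist; prefix_len controls how client IPs are grouped."""

    def __init__(self, prefix_len=32, min_delay=300):
        self.prefix_len = prefix_len   # 32 = key on the exact IPv4 address
        self.min_delay = min_delay     # seconds a new triplet must wait
        self.first_seen = {}           # triplet -> time of first attempt

    def _key(self, client_ip, sender, rcpt):
        # Collapse the client address to its containing network so that a
        # retry from a sibling IP in the same pool maps to the same triplet.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply code for this RCPT: 450 (defer) or 250 (accept)."""
        key = self._key(client_ip, sender, rcpt)
        first = self.first_seen.setdefault(key, now)
        return 250 if now - first >= self.min_delay else 450


def simulate(prefix_len, attempts):
    """Replay (time, ip) delivery attempts for one message; return reply codes."""
    gl = Greylist(prefix_len=prefix_len)
    return [gl.check(ip, "alice@example.org", "bob@example.net", t)
            for t, ip in attempts]


# Constructed sample: one message retried from a different pool address each time.
ATTEMPTS = [(0, "40.92.10.1"), (600, "40.92.77.5"), (1200, "40.92.130.9")]

if __name__ == "__main__":
    print("per-IP :", simulate(32, ATTEMPTS))
    print("per-/16:", simulate(16, ATTEMPTS))
```

With per-IP keying every attempt is deferred indefinitely, which matches the loop described in the original message; widening the key to the sender's network lets the second attempt through.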
