Mikkel C. Simonsen wrote:
> OpenBSD lists wrote:
>> Most of the spam I've received from marketing companies tends to come
>> from send-only servers (looking at the user-agent of the sending
>> server it's some kind of Python library intended for just sending
>> pre-formatted messages to a list of recipients).
>>
>> What I've done is construct a script that, while spamd is stuttering
>> their connection, connects back to the sending server on port 25
>> and executes an EHLO.  If the sending server doesn't respond to the
>> EHLO, it runs pfctl to add that server's address to a block list.
>
> That will block a LOT of legitimate e-mail also. Including
> semi-legitimate e-mails like this one... Why should all e-mail servers
> accept connections from the outside?
>
> Mikkel


Because that is what legitimate e-mail servers are supposed to do. Yeah, it blocks emails from "Smart Host" SMTP servers, but I very rarely interact with someone using such a setup.

Besides, this is only enabled on my primary server; the secondary server will still accept email where the sender doesn't listen for SMTP. A legitimate email server would detect the failure and try again with the next MX record. Marketing and spam servers tend to see a single failure and just carry on with spamming the next person.

My primary server is in a fairly expensive hosting provider (They are very, very reliable, so the cost is worth it), so I try and avoid using its bandwidth as much as possible. The secondary server is located in the office and on a connection with no bandwidth cap but will fail periodically.

My infrastructure was set up to stop malicious traffic like bots sending malware / phishing messages and non-reputable spammers. I've noticed a correlation between marketers that don't respond to unsubscribe messages and running servers that don't bother to resend in case of error.


-C
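
The callback check described in this thread, sketched as an added example that is not the poster's script: it probes the connecting address on port 25 with EHLO and returns the `pfctl` table-add command when nothing answers. The table name `sendonly`, the EHLO name `mx.example.org`, and the `allow` list for known send-only relays are assumptions.

```python
import ipaddress
import smtplib
import subprocess

TABLE = "sendonly"  # assumed pf table name, e.g. `table <sendonly> persist` in pf.conf


def answers_ehlo(host, port=25, timeout=10.0, helo_name="mx.example.org"):
    """True if host accepts the connection and gives a 2xx reply to EHLO."""
    try:
        # The constructor raises unless the peer greets with 220.
        with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout) as s:
            code, _ = s.ehlo()
            return 200 <= code < 300
    except (OSError, smtplib.SMTPException):
        # Refused, timed out, reset, or not speaking SMTP.
        return False


def pfctl_add_cmd(addr, table=TABLE):
    """Build the argv that adds addr to the pf table."""
    ip = ipaddress.ip_address(addr)  # ValueError unless addr is a literal IP
    return ["pfctl", "-t", table, "-T", "add", str(ip)]


def check_sender(addr, port=25, timeout=10.0, allow=(), run=False):
    """Return the pfctl argv for a sender that fails the callback, else None."""
    ip = ipaddress.ip_address(addr)
    # Known send-only relays (the smart hosts raised in the thread) are skipped.
    if any(ip in ipaddress.ip_network(net) for net in allow):
        return None
    if answers_ehlo(str(ip), port, timeout):
        return None
    cmd = pfctl_add_cmd(str(ip))
    if run:  # needs root on the pf host; off by default so this is a dry run
        subprocess.run(cmd, check=True)
    return cmd


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address (constructed sample input).
    print(check_sender("192.0.2.10", timeout=3.0))
```

The argv list is passed to `subprocess.run` without a shell, and the address is parsed as a literal IP first, so a malformed peer string cannot reach `pfctl`.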