Richard Creighton wrote:
> I don't think he wants to block off the public, just someone he has
> detected abusing. I have a friend that has a small newsletter she
> sends out to a growing list of people and recently she hit a limit from
> road-runner. She could receive mail just fine but when she hit the
> limit of the magic number of E-Mails, she couldn't connect to the SMTP
> server for 24 hours. I agree that counting packets like you do with
> SSHd is probably the wrong criteria, but detecting the IP of an incoming
> site that is attempting to post too many messages and then selectively
> turning off that IP at the firewall could be effective. I know the
> abuser could simply change IP numbers so the detector needs to watch at
> a higher level then notify the firewall about the new IP to block, but
> it could work....it does with RR...so, the measure of bad email senders
> could be any field in the SMTP header or even message content scanners
> like the one in many mail servers like Surgemail or reverse DNS checking
> or whatever is effective, coupled with turning off the current incoming
> IP. The server discards or rejects any bad messages it receives, but
> the firewall can prevent the messages from getting through in the first
> place once triggered.

I admin a mail server that deals with maybe 20 million messages a month, so I've had some experience here, and for my money, simple is safe. You try to get too fancy and you're going to piss off some important users when something goes haywire. What we've found effective is to put some basic sanity checks up front - greylisting, recipient verification, RBLs, smtp helo checks, tarpits for abusers etc. BTW policyd is an excellent companion to postfix as a means to implement smtp policies like greylisting etc.
> Spammers are likely to go somewhere easier,
> where are so many Windoze machines available :)

Indeed, I've seen reports that about 80% of the common spam that we get is coming from swarms of zombie windoze peecees which have been commandeered for service in botnets.

Joe
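
The approach described in the quoted message (count messages per sending IP, then hand offenders to the firewall), as an added example that is not part of the original thread: it reads Postfix smtpd `client=` log lines and returns the IPs that exceed a limit within a sliding window. The sample log lines, limit, window and allowlist are assumptions constructed for illustration; acting on the result at the firewall is left to the operator.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix smtpd logs one "QUEUEID: client=host[ip]" line per accepted message.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: "
                  r"[0-9A-F]+: client=\S*\[([0-9A-Fa-f.:]+)\]")

def find_abusers(lines, limit, window, allowlist=frozenset()):
    """Return {ip: time the limit was first exceeded} using a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a message-accept line
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")
        ip = m.group(2)
        # Known bulk senders (e.g. a legitimate newsletter) are never flagged.
        if ip in allowlist or ip in flagged:
            continue
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop messages older than the window
            q.popleft()
        if len(q) > limit:
            flagged[ip] = ts
    return flagged

def _line(t, qid, ip):
    # Builds a constructed log line; host name, pid and queue IDs are made up.
    return f"Mar  3 {t} mx postfix/smtpd[2101]: {qid}: client=unknown[{ip}]"

# Constructed sample: a burst sender, a slow steady sender, a newsletter host.
SAMPLE = sorted(
    [_line(f"10:00:{s:02d}", f"A{s:03X}", "203.0.113.7") for s in (1, 5, 9, 14)]
    + [_line(f"{h:02d}:30:00", f"B{h:03X}", "198.51.100.20") for h in (10, 11, 12, 13)]
    + [_line(f"10:01:{s:02d}", f"C{s:03X}", "192.0.2.10") for s in (1, 2, 3, 4, 5)]
)

if __name__ == "__main__":
    hits = find_abusers(SAMPLE, limit=3, window=timedelta(seconds=60),
                        allowlist={"192.0.2.10"})
    for ip, when in hits.items():
        print(ip, "exceeded limit at", when.strftime("%H:%M:%S"))
```

The allowlist is what keeps a legitimate bulk sender, like the newsletter mentioned in the quote, from being cut off when the threshold is set low.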