kar...@mailcan.com:
>
>
> On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote:
> > Just as an interesting point from a fairly large site (fastmail.fm) we
> > do something very like that. We run a standalone daemon, and we keep
> > a "bad list" of IPs who get dumped immediately without even a DNS lookup.
> >
> > One of our patches to postfix allows that, dropping the connection while
> > doing nothing more than a syslog of the IP address.
>
> That's interesting. Just our of curiosity, as I'm in the midst of
> reading about policy daemons, milters, before & after queue filtering,
> etc.
>
> At a high-level -- how did you implement this? Sounds like you're
> actually patching postfix code, and not handing off to a
> dameon/milter/etc early in the process.
For small sites, postscreen has an up-front blacklist that kicks
off clients before wasting resources on them.
Wietse
