kar...@mailcan.com: > > > On Fri, Apr 27, 2012, at 08:54 PM, Bron Gondwana wrote: > > Just as an interesting point from a fairly large site (fastmail.fm) we > > do something very like that. We run a standalone daemon, and we keep > > a "bad list" of IPs who get dumped immediately without even a DNS lookup. > > > > One of our patches to postfix allows that, dropping the connection while > > doing nothing more than a syslog of the IP address. > > That's interesting. Just our of curiosity, as I'm in the midst of > reading about policy daemons, milters, before & after queue filtering, > etc. > > At a high-level -- how did you implement this? Sounds like you're > actually patching postfix code, and not handing off to a > dameon/milter/etc early in the process.
For small sites, postscreen has an up-front blacklist that kicks off clients before wasting resources on them. Wietse