Charles Cazabon wrote: > > Andre Oppermann <[EMAIL PROTECTED]> wrote: > > > > > > Could you check out this improved version? > > > > > > The mail attempt should not be rejected at the data phase but already > > > at the time when a second rcpt-to is tried. Also it extends the bounce > > > detection logic a bit (from the NOSPAM patch included in qmail-ldap). > > It adds <#@[]> as another envelope sender which is only allowed to send > messages to a single recipient. Is this valuable? I only ever see it > used as the envelope sender for a double-bounce, which ideally shouldn't > be delivered over the network.
But it might... > As for when smtpd issues the 5x code, why is it better to do it when the > second RCPT TO command is issued? To me, that might make the sending > MTA think the first address is valid, while the second address is not. Well, the first address *is* valid, just not the second or any other. The idea of any such patch is to minimize the resources an abuser will consume until he gets detected and rejected. In the case of such a spammer he will issue 500 rcpt-to's with your patch while consuming your bandwidth and your servers CPU time as well as a smtpd slot for some time. Upon going over to the data phase you kick him off. In my patch I kick him off with the second rcpt-to without wasting much bandwidth or CPU time and smtpd slot consumption. -- Andre
