On 22-May-2009, at 06:14, Arvid Ephraim Picciani wrote:
- greylisting
I do this to great effect, but not for all servers (see below).
- rejecting broken HELO at smtp time (such as "MUMS_XP_BOX")
Yep, I reject a lot of messages based on HELOs.
- rejecting dynamic IPs at smtp time (PBL)
I use zen, but I also have a FQDN check that rejects a lot (and also greylists):
/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/ REJECT Dynamic addresses must use a real mailserver
/\.(dsl|\d+dls|dsl\d+)\./ REJECT Dynamic DSL looking address

/^[^\.]*[0-9][^0-9\.]+[0-9]/ check_greylist
/^[^\.]*[0-9]{5}/ check_greylist
/^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./ check_greylist

(DSL is separate for historical reasons on my server)
- firewalling hosts with 100% spam, forever.
I'm using fail2ban so blacklisting failed connections is transparent. Only banning for 15m right now as I continue to test.
-- The fact that Bob and John are married does nothing to diminish anyone else's marriage any more than a black woman marrying a white man, a Jew marrying a Catholic, or an ugly Lyle marrying a Pretty Woman
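
Added example, not part of the original message: a small Python harness that runs the FQDN patterns quoted above against constructed hostnames, to see which action each name would get before the table goes live. It assumes a PCRE-style Postfix table (first matching pattern wins, matching is case-insensitive by default); `classify` and the sample hostnames are hypothetical.

```python
import re

# Patterns and actions copied from the message, in table order.
RULES = [
    (r"\.?(dhcp|dialup|dynamic|ppp|pool)\.?",
     "REJECT Dynamic addresses must use a real mailserver"),
    (r"\.(dsl|\d+dls|dsl\d+)\.", "REJECT Dynamic DSL looking address"),
    (r"^[^\.]*[0-9][^0-9\.]+[0-9]", "check_greylist"),
    (r"^[^\.]*[0-9]{5}", "check_greylist"),
    (r"^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]", "check_greylist"),
    (r"^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]", "check_greylist"),
    (r"^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\.", "check_greylist"),
]

# Assumption: case-insensitive matching, as Postfix regexp/pcre tables do by default.
COMPILED = [(re.compile(p, re.IGNORECASE), action) for p, action in RULES]


def classify(hostname):
    """Return the action of the first matching pattern, or None if none match."""
    for rx, action in COMPILED:
        if rx.search(hostname):  # patterns are unanchored unless they start with ^
            return action
    return None


# Constructed sample hostnames (documentation domains, not real hosts).
SAMPLES = [
    "host-12-34.dhcp.example.net",   # keyword label -> rejected
    "adsl-5.dsl.example.net",        # .dsl. label -> rejected
    "c-203-0-113-7.example.net",     # digits-dash-digits in first label -> greylisted
    "cpe12345.example.net",          # five digits in first label -> greylisted
    "mx1.example.com",               # single digit in first label -> no match
    "mail.example.org",              # no match
    # Both dots in the first pattern are optional, so the keyword matches as a
    # substring anywhere in the name: "pool" inside "liverpool" is rejected.
    "smtp.liverpool.example.org",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:32} {classify(name) or '(no match, next restriction applies)'}")
```

Running candidate patterns over a day's worth of client names from the mail log in the same way shows how many legitimate senders a rule would catch before it is allowed to REJECT.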