On 22-May-2009, at 06:14, Arvid Ephraim Picciani wrote:
- greylisting

I do this to great effect, but not for all servers (see below)

- rejecting broken HELO at smtp time  (such as  "MUMS_XP_BOX")

Yep, I reject a lot of messages based on helos

- rejecting dynamic IPS at smtp time (PBL)

I use zen, but I also have a FQDN check that rejects a lot (and also greylists):

/\.?(dhcp|dialup|dynamic|ppp|pool)\.?/ REJECT Dynamic addresses must use a real mailserver
/\.(dsl|\d+dls|dsl\d+)\./ REJECT Dynamic DSL looking address
/^[^\.]*[0-9][^0-9\.]+[0-9]/                 check_greylist
/^[^\.]*[0-9]{5}/                            check_greylist
/^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]/ check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]/            check_greylist
/^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\./    check_greylist

(DSL is separate for historical reasons on my server)

- firewalling hosts  with 100% spam,  forever.

I'm using fail2ban so blacklisting failed connections is transparent. Only banning for 15m right now as I continue to test.


--
The fact that Bob and John are married does nothing to diminish
        anyone else's marriage any more than a black woman marrying a
        white man, a Jew marrying a Catholic, or an ugly Lyle marrying
        a Pretty Woman

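Added example, not part of the original message: a Python replay of the rules quoted above against constructed hostnames, showing which action each name would receive. It assumes the table is consulted with the client's hostname and that the first matching pattern wins, case-insensitively, as in Postfix regexp/pcre tables; the hostnames and the `lookup` helper are made up for illustration.

```python
import re

# Rules copied verbatim from the message, in table order.
# Assumption: first match wins and matching ignores case.
RULES = [
    (r"\.?(dhcp|dialup|dynamic|ppp|pool)\.?",
     "REJECT Dynamic addresses must use a real mailserver"),
    (r"\.(dsl|\d+dls|dsl\d+)\.", "REJECT Dynamic DSL looking address"),
    (r"^[^\.]*[0-9][^0-9\.]+[0-9]", "check_greylist"),
    (r"^[^\.]*[0-9]{5}", "check_greylist"),
    (r"^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]", "check_greylist"),
    (r"^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]", "check_greylist"),
    (r"^[^\.]*[0-9]\.[^\.]*[0-9]\.[^\.]+\..+\.", "check_greylist"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), a) for p, a in RULES]


def lookup(hostname):
    """Return (rule_number, action) for the first matching rule, else None."""
    for number, (rx, action) in enumerate(COMPILED, start=1):
        if rx.search(hostname):
            return number, action
    return None  # no decision: later restrictions apply


# Constructed hostnames (example.* names, not taken from real logs).
SAMPLES = [
    "dynamic-10-0-0-1.example.net",  # keyword in the first label
    "HOST.DSL.EXAMPLE.NET",          # separate DSL rule, upper case
    "a1-b2.example.net",             # digit, non-digits, digit in label 1
    "c12345.example.net",            # five digits in a row in label 1
    "smtp1.example.com",             # numbered mail host, no rule fires
    "mail.example.com",              # plain mail host, no rule fires
    # The dots in rule 1 are optional, so it is a substring match and
    # also hits ordinary words that contain "pool":
    "mail.liverpool.example",
]

if __name__ == "__main__":
    for host in SAMPLES:
        hit = lookup(host)
        verdict = "no match" if hit is None else f"rule {hit[0]}: {hit[1]}"
        print(f"{host:32} {verdict}")
```

Running the table against a sample of names from your own accepted-mail logs before enabling the REJECT rules shows how many legitimate senders the substring match in rule 1 would catch.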