Gordan Bobic writes:

I've just been looking through my mail logs to assess the effectiveness of the RBLs, and I see things like the following:

courieresmtpd: error,relay=::ffff:88.236.181.253,from=<[EMAIL PROTECTED]>,to=<[EMAIL PROTECTED]>: 511 http://www.spamhaus.org/query/bl?ip=88.236.181.253

Since it has the from and to addresses listed, that implies that the RBL was consulted after the MAIL FROM and RCPT TO commands were sent. Is this not wrong?

No, it's right.

I would have thought that in the interest of wasting fewer resources on spammers, RBL should be checked sooner. Possibly even before the server responds with the initial 220.

… So that the spam source can easily detect that you're using a blacklist that has this particular IP address listed, and if the spam sender tries again from a different IP address, there's a good chance that it will be accepted.

As opposed to getting the SMTP transaction rejected at exactly the same point it would be rejected for an invalid recipient address, for example.



_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
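
The log review described at the top of the thread can be scripted. The following is an added example, not part of the original messages and not Courier's own code: it parses courieresmtpd rejection lines in the format quoted above and counts them per blocklist and per SMTP stage reached. The syslog prefix, the sample lines and the rule that a URL in the reply text marks a blocklist hit are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Line format as quoted in the thread; a syslog prefix (assumed) is ignored.
LINE_RE = re.compile(
    r"courieresmtpd: error,relay=(?P<relay>[^,\s]+)"
    r"(?P<fields>(?:,\w+=<[^>]*>)*): (?P<code>\d{3}) (?P<text>.*)$")
FIELD_RE = re.compile(r",(\w+)=<([^>]*)>")
URL_RE = re.compile(r"https?://\S+")


def parse_rejection(line):
    """Return a dict describing one rejection, or None for unrelated lines."""
    m = LINE_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    ip = m["relay"]
    try:
        addr = ipaddress.ip_address(ip)
        # IPv4 peers appear as IPv4-mapped IPv6 (::ffff:a.b.c.d); unwrap them.
        ip = str(getattr(addr, "ipv4_mapped", None) or addr)
    except ValueError:
        pass  # not an IP literal: keep the raw value
    fields = dict(FIELD_RE.findall(m["fields"]))
    # The fields logged show how far the SMTP dialogue got before the error.
    stage = ("RCPT TO" if "to" in fields
             else "MAIL FROM" if "from" in fields else "pre-MAIL")
    url = URL_RE.search(m["text"])
    return {"ip": ip, "code": int(m["code"]), "stage": stage,
            # Assumption: a URL in the reply text identifies the blocklist.
            "blocklist": urlsplit(url.group()).hostname if url else None}


def summarize(lines):
    """Count rejections per (blocklist host or 'other', SMTP stage)."""
    tally = Counter()
    for rec in filter(None, map(parse_rejection, lines)):
        tally[(rec["blocklist"] or "other", rec["stage"])] += 1
    return tally


# Constructed sample lines (documentation IP ranges, example.* addresses).
P = "Mar  3 10:15:02 mx courieresmtpd: error,relay=::ffff:"
SAMPLE = [
    P + "192.0.2.10,from=<a@example.com>,to=<b@example.org>: 511 http://www.spamhaus.org/query/bl?ip=192.0.2.10",
    P + "198.51.100.7,from=<c@example.com>,to=<b@example.org>: 511 http://www.spamhaus.org/query/bl?ip=198.51.100.7",
    P + "203.0.113.5,from=<d@example.com>,to=<x@example.org>: 550 User unknown.",
    "Mar  3 10:15:09 mx unrelated: some other log line",
]
```

Calling summarize() on an open log file gives the per-blocklist counts, and the stage column shows that blocklist rejections and unknown-recipient rejections are logged at the same point in the dialogue.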
