On Fri, Dec 02, 2005 at 09:32:54AM +0100, mouss wrote:
> Robert Felber a écrit :
> >On Fri, Dec 02, 2005 at 02:23:00AM +0100, mouss wrote:
> >>if you block at IP level, and if sender client is an MTA, it will retry.
> >Uh? Only on DEFER (4xx), on REJECTs (5xx) the MTA is not supposed to retry.
>
> - there is no REJECT (5xx) at _IP_ level
Right. I was at check_client_access level, sorry.
> - most MTAs will retry if 5xx is given at connection or helo time.
Hm, haven't seen that yet. But I agree, I guess such MTAs exist.
> >However, an automatic blacklisting out of logs is a very call for trouble.
> >Especially when it comes to forwarders and real MTAs (like ISPs).
>
> That may be acceptable in certain cases. examples:
> - if flooded from one client (or one net)
> - if it's removed after few hours (or even less). This would be a sort of
> log-driven greylisting.
But the OP is still not able to "block" the origin prior to
smtpd_recipient_restrictions. He is only able to block the delivering MTA.
Blocking the "origin" would be possible at headerchecks (parsing the
received: lines) - although I haven't used header and body checks ever and
I'm not sure how failsafe that is.
We have some amount of ISPs that "flood" us (actually, only ISPs from which we
of course need legitimate mail also).
He should make sure (whitelisting) that he is not blocking ISPs when he
starts to reject clients at check_client_access. But then he will obviously
will drop the whole idea because it's a little nightmare and work to eye-wise
parse the look and maintain his whitelists - compared to the effectiveness
What he can do also is, report the spam to RBL lists. This way he can help
others and maybe even ISPs, too (in addition to storing the bad origin IP for
later use in headerchecks).
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id�865&op=click
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
