On Wednesday 08 December 2004 16:02, Bill Taroli wrote:
> Mark Bucciarelli wrote:
> >On Tuesday 09 November 2004 02:48, Martijn Lievaart wrote:
> >>Lloyd Zusman wrote:
> >>>I keep tweaking my custom HELO checks, but lately, they have settled
> >>>down into something that approaches stability. If anyone is
> >>>interested, I will post a summary of the HELO checking that I do.
> >>
> >>I'm interested. Maybe put up a webpage?
> >
> >Did this info ever get pulled posted somewhere?
>
> Not that I'm aware. I wound up putting a simple report in place that
> greps out all these entries from my mail logs, and then removes those
> known to be suspect. For those IP addresses or blocks that I wish to
> ignore the messages for, I keep a file that the script uses to filter
> them from the report. Very manual, but it works allright.
It would be helpful to pool this info.
> The problem, of course, is that when an otherwise legitimate sender
> (with an admittedly misconfigured mail server or DNS) gets caught by
> this trap, it's very painful. Why? Because the SMTP return is 5xx, and
> no attempts are made again for delivery. Does anyone know if there is a
> way to change this to a 4xx?
Hack line 788 of courier/submit.C.
> That way, a complaint received in
> reasonable time ("I'm not getting mail from so-and-so...") could be
> corrected (smtpaccess) and the mail would simply be delivered. The way
> it is now, the process of having the sender re-send the message can be
> difficult -- such as with airline reservations, in a recent situation I
> came across. I appreciate that a temporary failure will mean that
> spammers may also resend, but at least those will never get delivered...
> which is the real goal, after all.
There is an interesting discussion on a very similar topic going on now on
the Debian ISP list (rbl response, not EHLO response). In Postfix, you
can configure the RBL return code.
A fellow who apparently works at a large ISP says email users typically
have no clue what a 5XX response means. For him, 4XX is better b/c
spammers never try back (yet) and for legitimate bounces, he can modify
his black list (or wait for the rbl to fix iteself) and when their mailer
retries, the mail goes through. He said his users were reporting the
bounces as SPAM to his abuse address at a rate of about a dozen per day
and it is cheaper to provide support with this setup.
The other opinion was that the log clutter and increased bandwidth is not
worth it (and if users can't understand 5XX they shouldn't be on the net).
Regards,
Mark
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
