Sam Varshavchik wrote: >> I would have thought that in the interest of wasting >> fewer resources on spammers, RBL should be checked sooner. Possibly >> even before the server responds with the initial 220. > > … So that the spam source can easily detect that you're using a > blacklist that has this particular IP address listed, and if the spam > sender tries again from a different IP address, there's a good chance > that it will be accepted.
The chances are that they'll spam from multiple addresses to multiple MX-es to multiple accounts simultaneously anyway. > As opposed as getting the SMTP transaction rejected in exactly the same > point it would be rejected for an invalid recipient address, for example. I would argue that spammers are not renowned for sticking to RFC compliance and using finesse in their approach. If they are clever enough to notice that, they'll also notice the "rejected by RBL so and so" response message. But luckily, they tend to go for the brute force flooding approaches which are easier to block. I suppose, however, that there is the argument that if one is so worried about the comms overhead, one could just set up user-space filtering with iptables, and plug that straight into an RBL database. I guess it at least gives options of either approach. Gordan ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
