Jérôme Blion wrote: > Alessandro Vesely a écrit : >> User unknown can also be captured from a catchall script, i.e. >> synchronously rather than parsing log files. >> > I don't like catch-all mechanisms. With such tools, you are unable to > inform senders that they made a mistake while writing their mail without > creating a backscatter (which is baaaaad)
Not quite, you can intercept RCPT commands "live" by configuring maildropfilter (rather than maildrop), denying unknown addresses during the SMTP dialog, but still being informed about who tried that. However, I don't know what method is better for resource consumption. >>>> failregex = error,relay=<HOST>,.*: (511|550|554|513) >> >> The above regex would also capture "550 Rejected - see DNSBL" stuff, >> which I don't think deserve being blocked at the firewall. >> > Just try and see what's happening when a stupid spammer is flooding your > server with several hundreds mails per minute (dictionnary attack or > more stupid one, trying several times the same address) > You will query DNS so many useless times... and will waste resources. However, the resolver can also cache that data. Caching time in this case has been (carefully?) determined by the DNSBL admins. Denying access from that IP one can worsen various shortcomings than often accompany DNSBLs usage... > You can cache whatever you want, it will always be better to drop > everything from the spammer. They will have to wait the timeout delay... > And I love annoying spammers :-) So do I. Yet, I'm astonished by how many IPs they control. They rarely repeat the same one. > logpath = /var/log/mail.err >> Since logging is >> being used for interprocess communication purposes, would it make >> sense to document that the LOG_INFO priority is where info relevant >> for the firewall is being logged? Parsing just those lines may save >> some cycles... >> > That's why you should not use mail.log but mail.err... would be much > smarter. I thought mail.err contained LOG_ERR and higher. How come you get LOG_INFO there as well? ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
