Dennis Davis wrote: *trimmed*
> > Most of the ones I've seen have been fingered by the RBLs I > use. For example, here's one for me that was hit by the > JANET subscription to MAPS: > > 2006-06-15 15:38:55 H=(netzero.com) [220.171.78.157] > I=[138.38.32.23]:25 F=<[EMAIL PROTECTED]> rejected RCPT > <[EMAIL PROTECTED]>: 220.171.78.157 is listed in > rbl-plus.mail-abuse.ja.net > ACK, BUT: - these can usually be stopped more 'cheaply' and faster w/o need of an RBL lookup on the basis of Exim's own tests. > 220.171.78.157 appears to be registed to a Chinese network. - Which is in a WHOIS (separate note, off-list), but fails forward/reverse DNS lookup, indicates a forged EHLO/HELO, fails sender verify, almost certainly would also fail recipient verification as well, and might also have syntax, 'payload', or other protocol errors worthy of denial - or progrssive delays until they loose patience and drop off the teat. - all well before hitting SA or such, or - in our case - checking any RBL's. [1] Bill [1] - or, as we have never had a legit netzero inbound, hitting our local BL since shortly after this thread started... -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
