W B Hacker wrote: > At least at one time (I am NOT current) AOL, IIRC was 'claiming to' treat the > connect-query-abort-without-traffic callout sequence as a probe and > blacklisting > the source. Dunno if they actually *did* do so, but we don't need to find > out, > so .. > > OTOH, any 'fixed base' spammer with 'proper' DNS entries, or a DynDNS > resolver > service, can easily configure so as to 'verify' any address queried, hosted > or not. > > The majority of bogus 'senders' seem to come off of bogus servers, that do > NOT > have these credentials, so forward/reverse lookup, HELO mismatch, and > dynamic-IP > RBL hits - which are at least cached/cachable - are already a pretty good > indicator. > > All manner of hits here are posted to .csv files and/or PgSQL DB table from > which we generate our own 'recently rude' local BL - not of the whole world, > but > of the ones that have targeted *our* servers. > > YMMV, > > Bill > >
uceprotect is the only one I'm having trouble with now. Since Exim caches results the callout load isn't unreasonable. Occasionally I need to white list some servers to get around false positives. Sender Verification done right is one of my best tools. -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
