> --On 10 November 2006 10:31:38 +0000 Clive Goodhead <[EMAIL PROTECTED]> wrote:
>
> > For some months now we have used a HELO ACL to delay by
> > 35 seconds all connections with suspicious looking HELOs.
> > This is very effective at reducing the amount of spam
> > that our servers receive, while not preventing "real"
> > email getting through, because much of the current
> > spamming software seems to drop the connection during the
> > delay period.
>
> Is 35 seconds really necessary? It will fall foul of sender verification
> callouts, preventing you from sending messages to hosts that call out with
> suspicious looking HELOs.
>
> Have you experimented with shorter delays? Putting the delay at pre-data,
> so that you can exempt your postmaster address?
>

Thank you for a prompt reply. Ironically, our postmaster addresses are the chief beneficiaries of our approach. For those who wish to have it we have reasonable spam filtering in place. We do not, however, apply filters to our postmaster and abuse addresses, even though we now receive hundreds of spams to the postmaster addresses; some spammers now seem to add a postmaster address to the recipients presumably in the hope that the whole lot will get whitelisted.

I have to admit I had not thought about sender verification as it is something that we ourselves have taken the decision not to use. I would hope, however, that people who know how to use it could set up their servers to HELO properly.

We did do tests on the delay period and 30 seconds did not prove to be quite enough.

> Of course, the only resources you need to worry about are process count
> (some systems have limits to the number of concurrent processes, so you
> should find out what your limit is), and RAM. The waiting process won't
> actually do any processing, disk access or network access.

I can use the logs to estimate the numbers of delayed processes and thus investigate whether process limits will be a problem. Do you have any ideas, however, on how I can find out how much RAM a delayed process will use? We use Exim 4.63 and FreeBSD 4.11 on our current production servers.

> >
> > As our mail volumes get higher, however, I am beginning to
> > be concerned about the load that all these delayed
> > connections will place on our servers. At the moment it
> > does not appear to be an issue, but I am looking for advice
> > on whether or not it is likely to become a problem.
> >
> > Regards
> >
> > Clive Goodhead
> > --
> > ------------------------------------------------------------
> > Cornwall Internet Limited
> > Registered in England, registered number 3387326.
> > Registered office: Montaza, Fore Street, Goldsithney,
> > Penzance, Cornwall, UK.
> > ------------------------------------------------------------
> >
>
> --
> Ian Eiloart
> IT Services, University of Sussex
>

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
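
Added example, not part of the original message or of Exim: one way to turn log timestamps into a peak count of concurrently delayed processes, as the reply proposes. It assumes each delayed connection writes one main-log line when the delay begins (the "HELO-delay" marker is hypothetical, e.g. text from a logwrite modifier) and that every connection holds its process for the full 35 seconds, so the result is an upper bound. The sample lines are constructed.

```python
"""Estimate how many SMTP processes a fixed HELO delay holds open at once."""
import re
from datetime import datetime, timedelta

DELAY = timedelta(seconds=35)   # delay period stated in the message
MARKER = "HELO-delay"           # hypothetical marker text, an assumption

# Constructed sample lines; only the leading timestamp follows Exim's main log.
SAMPLE_LOG = """\
2006-11-10 10:31:00 HELO-delay H=(constructed-a) [192.0.2.10]
2006-11-10 10:31:05 HELO-delay H=(constructed-b) [192.0.2.11]
2006-11-10 10:31:20 HELO-delay H=(constructed-c) [192.0.2.12]
2006-11-10 10:31:35 HELO-delay H=(constructed-d) [192.0.2.13]
2006-11-10 10:31:40 <= sender@example.org H=mail.example.org [192.0.2.20]
2006-11-10 10:32:30 HELO-delay H=(constructed-e) [192.0.2.14]
"""

STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) ")


def delay_starts(log_text, marker=MARKER):
    """Return the sorted start times of all delayed connections in the log."""
    starts = []
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if m and marker in line:
            starts.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return sorted(starts)


def peak_concurrency(starts, delay=DELAY):
    """Sweep over start/end events; return (peak count, time first reached)."""
    events = [(t, 1) for t in starts] + [(t + delay, -1) for t in starts]
    # At equal timestamps an ending delay (-1) is counted before a new one (+1).
    events.sort(key=lambda e: (e[0], e[1]))
    current = peak = 0
    peak_at = None
    for when, step in events:
        current += step
        if current > peak:
            peak, peak_at = current, when
    return peak, peak_at


if __name__ == "__main__":
    count, when = peak_concurrency(delay_starts(SAMPLE_LOG))
    print(f"peak delayed processes: {count} at {when}")
```

Comparing the peak against the system's concurrent process limit answers the process-count half of the question; per-process RAM has to be measured separately on the server.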