> >My earlier attempts at harvesting rejects generated by unknown users > >resulted in blocking all mail from Earthlink, MSN and AOL. > > You have to harvest their outbound relays and exclude them from your > harvesting script, or, exclude PTR-less IP's. But don't whitelist their IPs.
Would help. Still finding lots of interesting places that do have valid reasons to email here, so my exclude list would be rather sizeable. > >In my sorting, I have found a few large blocks of dynamic addresses. None > >of these sent particularly much UCE per IP, but it adds up. > > My observation, too. Some dsl/cable spammers can be extremely high volume > and intense due to their bandwidth, but for every one of those monster > spammers, there are many 1000's of low-volume spammers. Yah. Found one guy who used one bogus email address that probably accounts for tens of thousands of one weeks rejects. No more than 1000 from one source, and mostly 20 to 50. He bounces around to all sorts of insecure systems, even on dialups. > >You might try the below with a warn_if_reject and see what you get. > > > >200.149.152 554 RFC 1893 ERR 5.7.1 mass mailing veloxzone.com.br > > wouldn't it be better in mta_clients_bw.map: > > user.veloxzone.com.br 554 mta_clients_bw_map ... > dial.terra.cl 554 mta_clients_bw_map > and then in mta_clients_bw.regexp: > > /pool.*verizon\.com/ 554 mta_clients_bw_regexp ... > /ppp.*t\-net\.net\.ve/ 554 mta_clients_bw_regexp They do not always come back with a reverse lookup, so I find I have to do it by an IP, and not a name. Still, a regexp could be used for that. Just have to be careful of the gaps in a few of those that are not for dynamic address space. > this: > > 200.149.152 554 RFC 1893 ERR 5.7.1 mass mailing veloxzone.com.br > > ... could be, in mta_clients_bw.regexp, collapsed to: > > /200\.149\.15[0-9]/ 554 mta_clients_bw_regexp Yes, much of it could be done with a regexp. Still collecting data. Will be doing this sort of cleanup later. I also want to leave individual lines for a while to see if this generates user complaints. If so, I will need to adjust, and can go for one line at a time that way. --Eric
