>Since a lot of SPAM is the result of email addresses harvested
I know people feel violated and abused when their valid accounts are
harvested and therefore want to block all harvesting, but my position is
now that a mail abuser having a valid recipient address is hardly
sufficient for successful delivery.
Proof? Look at how much your IMGate rejects that is addressed to your
known users.
So I don't waste my time with anti-harvesting obfuscation.
But, my advanced mta_clients_dict script harvests PTR-less IPs and blocks
by IP for sending above a threshold of msgs to unknown users, and will
block the entire ClassC if it contains above a threshold of IPs sending to
unknown users.
Is _dict effective? Yes, very much so. It is, on some site, the single
most productive filter (after unknown user filter):
1 Other
2 ACL from_senders_clueless
2 SMTP Exceeded Hard Error Limit after CONNECT
4 ETRN Mail theft attempt
5 ACL to_local_recipients unknown recipient
6 IMGate: local server configuration error!
7 DNS no A/MX for @recipient.domain
20 ACL helo_hostnames
24 ACL mta_clients_floodgates
25 ACL header checks
25 SMTP Exceeded Hard Error Limit after END-OF-MESSAGE
34 SMTP Exceeded Hard Error Limit after HELO
72 RBL relays.ordb.org
87 SMTP helo hostname invalid
92 RBL opm.blitzed.org
109 SMTP unauthorized pipelining
158 ACL PTR hostname does not match hostname (forged HELO)
176 DNS timeout for MTA PTR hostname (forged @sender.domain)
209 ACL bogon network header
256 SMTP Exceeded Hard Error Limit after MAIL
282 ACL from_senders_bw
325 ACL HTML obfuscation
362 ACL forged @sender.domain not from sender PTR domain
508 DNS nxdomain for MTA PTR hostname (forged @sender.domain)
530 ACL unauthorized relay
897 RBL dnsbl.njabl.org
940 RBL korea.services.net
998 RBL list.dsbl.org
1259 DNS no A/MX for @sender.domain
1356 RBL cbl.abuseat.org
1554 SMTP invalid [EMAIL PROTECTED]
2059 ACL mta_clients_bw
2309 ACL from_senders_imgfx
3729 SMTP helo hostname is an IP
5095 SMTP helo hostname not fully qualified
12574 RBL sbl.spamhaus.org
17856 ACL subscriber network
20662 ACL mta_clients_dict <<<<<<<<<<<<<<
20905 SMTP Exceeded Hard Error Limit after DATA
57339 SMTP Exceeded Hard Error Limit after RCPT
213977 ACL to_relay_recipients unknown recipient <<<<<<<<<
========================
366830 TOTAL
_dict runs after to_relay_recipients, so that means the blocked,
self-convicted _dict IPs were prevented from sending to KNOWN users.
Because the _dict script harvests several times/day, it does stop some
harvesting of valid addresses, but that is a secondary effect to harvesting
the IPs into a permanent black list.
Len
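
The thresholding logic described in the post, as an added example; it is not part of Len's message and is not his mta_clients_dict script. The log format (simplified Postfix-style reject lines, where a PTR-less client shows up as `unknown[ip]`), the two threshold values, the sample addresses, and the reading that a /24 is judged by how many distinct PTR-less IPs in it hit unknown users are all assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Assumed thresholds; the post does not state the real values.
MSGS_PER_IP = 3   # block an IP with MORE than this many unknown-user rejects
IPS_PER_NET = 2   # block a /24 with MORE than this many offending IPs

# Constructed sample: (client name, IP, number of unknown-recipient rejects).
SAMPLE = [("unknown", "192.0.2.10", 4), ("unknown", "192.0.2.77", 1),
          ("unknown", "198.51.100.5", 1), ("unknown", "198.51.100.6", 1),
          ("unknown", "198.51.100.7", 1), ("mail.example.net", "203.0.113.9", 5)]
SAMPLE_LOG = "\n".join(
    f"reject: RCPT from {host}[{ip}]: 550 <nobody{i}@example.com>: User unknown"
    for host, ip, count in SAMPLE for i in range(count))
# A reject for another reason must not count toward the thresholds.
SAMPLE_LOG += "\nreject: RCPT from unknown[192.0.2.77]: 554 blocked using an RBL"

REJECT = re.compile(r"reject: RCPT from (\S+)\[([\d.]+)\]: 550 .*User unknown")


def net24(ip):
    """Return the enclosing /24 ("Class C") of an IPv4 address as a string."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def build_blocklist(log, msgs_per_ip=MSGS_PER_IP, ips_per_net=IPS_PER_NET):
    """Return (blocked_ips, blocked_nets) as sorted lists of strings."""
    hits = Counter()
    for line in log.splitlines():
        m = REJECT.search(line)
        # Only PTR-less clients are harvested; hosts with a PTR are ignored.
        if m and m.group(1) == "unknown":
            hits[m.group(2)] += 1
    per_net = defaultdict(set)
    for ip in hits:
        per_net[net24(ip)].add(ip)
    nets = sorted(n for n, ips in per_net.items() if len(ips) > ips_per_net)
    # IPs already covered by a blocked /24 are not listed individually.
    ips = sorted(ip for ip, n in hits.items()
                 if n > msgs_per_ip and net24(ip) not in nets)
    return ips, nets


if __name__ == "__main__":
    blocked_ips, blocked_nets = build_blocklist(SAMPLE_LOG)
    print("block IPs: ", blocked_ips)
    print("block /24s:", blocked_nets)
```

In the sample, the 198.51.100.0/24 network is blocked even though no single IP in it crosses the per-IP threshold, which is the case the per-network rule exists to catch.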