James,

> Seems to me this would be much better served implemented as a DNSRBL than an
> iptables solution. By using your own DNSRBL, you would have a scalable, RFC
> compliant solution that still drops the connection well before the "data"
> phase and before any mimedefang/SA processing, if you implement the DNSRBL
> inside your mail server software itself.
You've missed my point - RBL lists have their place, but when the sender is badly behaved, they add nothing to the solution. My scenario is a sender who keeps trying no matter how many times we send a 5xx response code, and who in some cases uses a mailer which stuffs the whole message down the connection before you even get a chance to say hello. Even using a RBL, the bandwidth has been used, and the system has incurred the load of handling the packets and doing lookups. The greeting delay feature introduced in the latest Sendmail incarnation also doesn't help, as the greeting is ignored and the Sendmail daemon still has to process the queued packets.

At the IPTables level, Sendmail never sees the packets, and the very limited processing is done by the kernel using optimised packet matching and filtering routines.

Best Wishes,

Paul.

__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA
Tel. 01223 433741
Fax. 01223 433788
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
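As an added illustration of the approach Paul describes (this is not code from the thread or from MIMEDefang), the script below reads Sendmail reject lines, counts 5xx rejections per relay IP, and emits iptables DROP rules for senders that keep retrying; the log lines, the `relay=[ip]` field layout and the threshold of 3 are constructed assumptions.

```shell
#!/bin/sh
# Constructed Sendmail log lines (not taken from the original thread).
# 203.0.113.5 keeps retrying after repeated 550s; 198.51.100.7 was
# rejected once; 192.0.2.9 got a 451 (temporary) and must not be blocked.
SAMPLE_LOG='Mar  4 10:15:22 mx sendmail[2211]: h24AFMxx002211: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Access denied
Mar  4 10:15:40 mx sendmail[2214]: h24AFexx002214: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Access denied
Mar  4 10:16:03 mx sendmail[2219]: h24AG3xx002219: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Access denied
Mar  4 10:16:31 mx sendmail[2223]: h24AGVxx002223: ruleset=check_relay, arg1=[203.0.113.5], arg2=203.0.113.5, relay=[203.0.113.5], reject=550 5.7.1 Access denied
Mar  4 10:17:02 mx sendmail[2230]: h24AH2xx002230: ruleset=check_relay, arg1=[198.51.100.7], arg2=198.51.100.7, relay=[198.51.100.7], reject=550 5.7.1 Access denied
Mar  4 10:17:45 mx sendmail[2238]: h24AHjxx002238: ruleset=check_rcpt, arg1=<user@example.org>, relay=mail.example.net [192.0.2.9], reject=451 4.7.1 Greylisted, try later
Mar  4 10:18:10 mx sendmail[2241]: h24AIAxx002241: from=<ok@example.net>, size=1234, class=0, nrcpts=1, relay=mail.example.net [192.0.2.9]'

# Print "count ip" for every relay IP that received a permanent (5xx)
# reject, most frequent first. $1: path to the log file.
count_rejects() {
  grep 'reject=5' "$1" \
    | sed -n 's/.*relay=[^[]*\[\([0-9.]*\)\].*/\1/p' \
    | sort | uniq -c | sort -rn
}

# List IPs rejected at least $2 times, one per line. $1: log file.
persistent_senders() {
  count_rejects "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Emit (do not run) iptables rules that drop port-25 packets from each
# persistent sender in the kernel, before Sendmail ever sees them.
# Rules are printed for review; pipe the output to sh to apply them.
emit_drop_rules() {
  persistent_senders "$1" "$2" | while read -r ip; do
    printf 'iptables -I INPUT -p tcp --dport 25 -s %s -j DROP\n' "$ip"
  done
}

logfile=$(mktemp)
printf '%s\n' "$SAMPLE_LOG" > "$logfile"
emit_drop_rules "$logfile" 3
```

The rules are printed rather than applied so an operator can review them first; in practice they also need to be removed again once a sender stops, or the rule set grows without bound.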

