We have been blocking entire IPs for 90 minutes since August of last year for 2 bad rcpts using the bad_rcpt_throttle feature and a daemon that monitors the maillog. We have not had one single complaint and it's been rolled out pretty pervasively!
The blocking of course is a tempfail so I would suggest a reject 4.7.1 or whatever. Regards, KAM > The catch is that the count is necessarily one behind. > > Send to 1st bad recipient: nbadrcpts = 0 so far, so OK > Send to 2nd bad recipient: nbadrcpts = 1 so far, so OK > Send to any 3rd recipient: nbadrcpts = 2 so far, so reject > > So the reject could happen on a valid recipient. Still this might > be useful in stopping dictionary attacks. > > The number 2 seems too small. > > In a milter, we could more easily write conditions around this rule. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
