--On Thursday, May 19, 2005 11:13 -0400 "Kevin A. McGrail"
<[EMAIL PROTECTED]> wrote:
We have been blocking entire IPs for 90 minutes since August of last year
for 2 bad rcpts using the bad_rcpt_throttle feature and a daemon that
monitors the maillog. We have not had one single complaint and it's been
rolled out pretty pervasively!
The blocking of course is a tempfail so I would suggest a reject 4.7.1 or
whatever.
For the sake of the archives, the sendmail.mc I posted is not good.
This does what I wanted, and uses tempfail as Kevin suggested.
LOCAL_RULESETS
SLocal_check_rcpt
R$* $: $1 $| $( arith l $@ $&{nbadrcpts} $@ 10 $)
R$* $| FALSE $#error $: 450 Too many bad recipients
The idea here is to say 450 to all recipients after we've seen 10 bad
recipients. Real mail servers will queue and re-try the ones that got
450, and eventually send their mail, but more slowly than if they
cleaned their lists.
Thinking of greylisting... I noticed repeated tries yesterday
by two IP addresses trying to send the Sober virus German political
spam (diagnosed from the few valid addresses). 68.232.178.42 tried
259 times and 63.117.70.194 tried 320 times. Maybe they are not
queueing as such but just sending repeatedly; however the effect is
the same. The idea of viruses trying only once may not be totally
valid any more.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
