helo misc@,
I wrote an article a few days ago:
https://poolp.org/posts/2018-12-06/opensmtpd-proc-filters-fc-rdns/
Since then, I implemented the check-fcrdns builtin filter allowing us to
filter incoming sessions that do not have a valid FCrDNS.
How does it work ?
1- configure your listener to be filtered
2- add a filter hook on whatever phase you want to trigger the check on
[...]
listen on all filter
filter smtp-in connect check-fcrdns disconnect "550 GO AWAY, PUNK"
[...]
This will result in smtpd replacing the welcome banner with the message,
then dropping the client connection if they don't have a reverse DNS and
a matching forward DNS. You can apply the check at further phases if you
need to log more details, this is up to you.
This does not remove ALL the spam I receive but it effectively kills the
spam and bruteforcing coming from infected home computers, which is most
of the non legitimate trafic coming to my box.
The code will be part of next release in April, until then you will have
to use code from OpenBSD -current or github's master or portable branch.
Thought I'd share this with you,
Cheers,
--
Gilles Chehade @poolpOrg
https://www.poolp.org tip me: https://paypal.me/poolpOrg
--
You received this mail because you are subscribed to [email protected]
To unsubscribe, send a mail to: [email protected]
