On 2010-06-22 8:47 AM, Victoriano Giralt wrote: > On 22/6/10 12:54, Charles Marcus wrote: >> On 2010-06-22 2:18 AM, Victoriano Giralt wrote: >>> If you manage to cut them before they hit any real address you avoid >>> crud entering your user's mailboxes.
> We DO recipient validation. I'm talking about cutting off the client > before they hit a good one. The point I was making is that if you use > something like fail2ban that detect an IP address that is doing a > dictionary attack, and block the connection you reduce the probability > of finding a recipient that will get validated. Ahh... you are attempting to hide your valid recipients. Security through obscurity is a waste of time and resources imo. I use fail2ban, but only to block hack attempts... I don't care much about someone finding out who the valid recipients are, I'm much more concerned with someone trying to crack a password... > We are not allowed to filter mail (except viruses) by policy. So we > need other anti spam meassures, once we accept mail we MUST deliver > it (except for viruses). That's what I meant - add an after-queue filter and TAG+Deliver it. Use sieve to deliver it to a Spam folder if desired. -- Best regards, Charles
