--On October 22, 2016 at 1:51:12 PM -0400 Bill Cole
<postfixlists-070...@billmail.scconsult.com> wrote:
> On 22 Oct 2016, at 12:19, Paul Schmehl wrote:
>
>> I would make one suggestion. I would reject the attempt silently. No
>> sense in tipping off the spammer to what he needs to do to work around
>> it. Just use REJECT with no explanation.
>
> That's a nice hypothesis but it doesn't seem to play out in reality. I've
> been emitting specific (and yes, sometimes snarky) rejection messages on
> a variety of systems for all sorts of access rules, in part so I can keep
> track of what rules are being hit easily. I have never seen any hint that
> spammers behaving in grossly fraudulent ways (like EHLO arguments that
> claim to be the server they're talking to) substantively change their
> behavior in response to those messages. Keep in mind that essentially ANY
> idiosyncratically wrong EHLO argument seen only from spammers has been
> configured intentionally by someone who has no idea how cheap, simple,
> and reliable it is to reject spam on that basis. These are cognitively
> impaired spammers, not smart ones. The smart ones try very hard to look
> very normal and legitimate, not to stand out as something starkly
> different from any legitimate mail.

And you don't think this spammer fits into the latter category? He's
clearly doing something very clever that is not the usual brute force
cram-it-down-your-throat spam run.
"The man who never looks into a newspaper is better informed than he who
reads them, inasmuch as he who knows nothing is nearer the truth than he
whose mind is filled with falsehoods and errors." - Thomas Jefferson
Paul Schmehl (pschm...@tx.rr.com)
Independent Researcher
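
The question debated in this thread can be checked against a server's own logs. The following is an added example, not code from either poster: it tallies Postfix reject lines by their rejection text and lists clients that were rejected for their HELO and later presented a different one. The host name mx.example.net, the text "You are not me" and all log lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in Postfix's smtpd reject log format (not real traffic).
# Assumption: the server is mx.example.net and its helo access map rejects its
# own name with the custom text "You are not me"; a bare REJECT logs the
# default text "Access denied".
SAMPLE_LOG = """\
Oct 22 12:01:07 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <mx.example.net>: Helo command rejected: You are not me; from=<a@spam.example> to=<u@example.net> proto=ESMTP helo=<mx.example.net>
Oct 22 12:09:41 mx postfix/smtpd[2107]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <mx.example.net>: Helo command rejected: You are not me; from=<b@spam.example> to=<u@example.net> proto=ESMTP helo=<mx.example.net>
Oct 22 12:15:02 mx postfix/smtpd[2111]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <mx.example.net>: Helo command rejected: You are not me; from=<x@nodomain.invalid> to=<u@example.net> proto=ESMTP helo=<mx.example.net>
Oct 22 12:31:55 mx postfix/smtpd[2130]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 4.1.8 <x@nodomain.invalid>: Sender address rejected: Domain not found; from=<x@nodomain.invalid> to=<u@example.net> proto=ESMTP helo=<friendly.example>
Oct 22 12:40:18 mx postfix/smtpd[2144]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <localhost>: Helo command rejected: Access denied; from=<c@spam.example> to=<u@example.net> proto=ESMTP helo=<localhost>
"""

REJECT_RE = re.compile(
    r"reject: \w+ from \S+\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) \S+ "
    r"<[^>]*>: (?P<kind>[\w ]+) rejected: (?P<reason>[^;]+);"
    r".* helo=<(?P<helo>[^>]*)>"
)

def parse(log):
    """Return one dict per reject line; lines in other formats are skipped."""
    return [m.groupdict() for m in map(REJECT_RE.search, log.splitlines()) if m]

def hits_by_reason(events):
    """Count hits per (restriction kind, rejection text)."""
    return Counter((e["kind"], e["reason"].strip()) for e in events)

def helo_changers(events):
    """IPs rejected for their HELO that later appear with a different HELO.

    Only later *rejected* attempts are visible in these lines, so this is a
    lower bound on clients that changed behaviour.
    """
    first_bad, changed = {}, set()
    for e in events:
        ip = e["ip"]
        if ip in first_bad and e["helo"] != first_bad[ip]:
            changed.add(ip)
        elif e["kind"] == "Helo command" and ip not in first_bad:
            first_bad[ip] = e["helo"]
    return changed

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for (kind, reason), n in hits_by_reason(events).most_common():
        print(f"{n:3d}  {kind}: {reason}")
    print("changed HELO after rejection:", sorted(helo_changers(events)))
```

Rules that use a bare REJECT all land in the same "Access denied" bucket, so per-rule counts are only possible when each rule carries its own text.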