hi,
| If you don't have enough capacity to do the 5xx errors on the main
| mail servers then set up another (small) machine and redirect (instead
| of blocking) all connections to that box and let it emit 5xx errors.
| That can be a very small and fast daemon. It can reject maaaany
| connections per second. Even if it is too slow it doesn't matter
| much. Important is that sometime soon there will be a 5xx error
| and the sending mail server stops trying. We could write such a
| small 5xx error daemon if you need one. It's not a big thing.
Too much effort. And writing a proxy always gets you into the same trouble again: From the smtpd's point of view the connections come from localhost (or from wherever you installed that proxy).
Do it like this instead:
1. Add this line to /etc/inetd.conf

   1025 stream tcp nowait nobody /bin/cat cat /etc/smtp-block-message

   (spammers will be redirected to this service)

2. Put your message into this file:

   echo '451 No Access Today' > /etc/smtp-block-message

3. Instead of just dropping connections, we will divert traffic
   from sources that are believed to be spammers to the service
   above. This is done using DNAT from iptables/netfilter.

   iptables -A PREROUTING --table nat --protocol tcp \
       --source 1.2.3.4/32 --dport 25 -j DNAT --to 127.0.0.1:1025
Not tested, but should work. Please fix. You have 6 days remaining until the mails expire in my queue and my customers are going to hunt you down.
daniel

----------------------------------------------
Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/
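The reject service from steps 1 and 2 as a stand-alone listener, added here as an example and not part of the original message: it checks that the block message is a single valid SMTP reply line, sends it with the CRLF terminator RFC 5321 requires, and records each peer address. The function names are hypothetical; port 1025 and the `451` text are the ones used in the message.

```python
import asyncio
import re

# One SMTP reply line: three-digit code (first digit 2-5), space, printable text.
_REPLY = re.compile(r"[2-5][0-9][0-9] [\x20-\x7e]*")

def build_reply(text: str) -> bytes:
    """Turn the contents of the block-message file into a wire-format reply."""
    line = text.strip("\r\n")          # `echo` leaves a bare LF behind
    if not _REPLY.fullmatch(line):     # also rejects multi-line content
        raise ValueError(f"not a single-line SMTP reply: {line!r}")
    return line.encode("ascii") + b"\r\n"

def sender_will_retry(reply: bytes) -> bool:
    """4yz is a transient failure (mail stays queued); 5yz is permanent."""
    return reply[:1] == b"4"

async def _reject(writer, reply: bytes, seen: list):
    # Record who was diverted here, send the reply, hang up.
    peer = writer.get_extra_info("peername")
    seen.append(peer[0] if peer else None)
    writer.write(reply)
    await writer.drain()
    writer.close()
    await writer.wait_closed()

async def run_sink(reply: bytes, host="127.0.0.1", port=1025):
    """Start the listener; returns the server and the list of peers seen."""
    seen = []
    server = await asyncio.start_server(
        lambda r, w: _reject(w, reply, seen), host, port)
    return server, seen

async def demo():
    # Constructed input: the message text from step 2, served on an
    # ephemeral port so the demo does not collide with a real service.
    reply = build_reply("451 No Access Today\n")
    server, seen = await run_sink(reply, port=0)
    port = server.sockets[0].getsockname()[1]
    reader, writer = await asyncio.open_connection("127.0.0.1", port)
    got = await reader.read()          # read until the sink closes
    writer.close()
    await writer.wait_closed()
    server.close()
    return got, seen, sender_will_retry(reply)

if __name__ == "__main__":
    print(asyncio.run(demo()))
```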
