Greetings.
I'm thinking of implementing:
- greylisting
- honeypots
- rejecting broken HELO at smtp time (such as "MUMS_XP_BOX")
- rejecting dynamic IPS at smtp time (PBL)
- firewalling hosts with 100% spam, forever.
Are there any oposing opinions on those?
I recall some people dont like greylisting for some reasons.
Also i'm unsure if should firewall, since the postmaster of that host
might all sudden get things under control. But we currently have around
99% spam, so i think i need more drastic actions before our mailbox
overloads :(
I'm getting lots of it from zombies, so i wonder if its legitime to scan
the sender before accepting. For example if it blocks icmp, its very
likely a home router. But i have no data on that, and no clue.
Spamhaus has only about half of the zombies. PBL even lacks half of the
german dialup ISPs. i'm thinking i need my own techniques to build such
lists.
thanks.
