> Came up with a cool trick that seems to be working well after running for
> several months.
I do the same by harvesting the IPs that fail SMTP AUTH a number of times, and then if more than a number of IPs in a ClassC, I block the entire ClassC. I don't care about the body of the msgs the AUTHing failures can't submit. Enough of that is coming through the front door MX. I do the same with postscreen/pregreet IPs and ClassC. I do the same with IPs that exceed postfwd rate-limiting, after I've whitelisted from rate limiting the legit volume senders. Repeated bad behavior trashes your reputation chez moi. As a result of all my envelope (pre-DATA) filtering, very little garbage gets handed to amavis and friends for content filtering.

Len
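
The harvesting step described in the reply above, sketched as an added example that is not part of the original message or anyone's production setup: it counts failed SMTP AUTH attempts per IP in Postfix smtpd log lines and escalates to the whole /24 when several IPs in it are repeat offenders. The thresholds, the `allow` parameter and the sample log lines are assumptions constructed for illustration; the post gives no numbers.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Postfix smtpd logs a failed SMTP AUTH as:
#   warning: host[ip]: SASL <mech> authentication failed: ...
SASL_FAIL = re.compile(r"warning: \S*\[([0-9.]+)\]: SASL \S+ authentication failed")

def build_blocklist(lines, min_fails=3, min_ips=2, allow=()):
    """Return CIDRs to block: a /24 when enough of its IPs offend, else /32s.

    min_fails, min_ips and allow are assumptions; the post gives no numbers.
    """
    allowed = [ipaddress.ip_network(a) for a in allow]
    fails = Counter()
    for line in lines:
        m = SASL_FAIL.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.IPv4Address(m.group(1))
        except ValueError:          # malformed address in the log line
            continue
        if not any(ip in net for net in allowed):
            fails[ip] += 1
    by_net = defaultdict(list)
    for ip, count in fails.items():
        if count >= min_fails:      # only repeat offenders count
            by_net[ipaddress.ip_network(f"{ip}/24", strict=False)].append(ip)
    blocked = []
    for net, ips in by_net.items():
        if len(ips) >= min_ips:     # several offenders: block the whole /24
            blocked.append(net)
        else:
            blocked.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    return [str(n) for n in sorted(blocked)]

def _line(ip):  # constructed sample log line in Postfix smtpd format
    return (f"Jan 10 03:14:07 mx1 postfix/smtpd[2211]: warning: unknown[{ip}]: "
            "SASL LOGIN authentication failed: authentication failure")

SAMPLE_LOG = (
    [_line("192.0.2.10")] * 3 + [_line("192.0.2.77")] * 4   # two offenders, one /24
    + [_line("198.51.100.5")] * 3                             # lone offender
    + [_line("198.51.100.200")] * 5                           # allowlisted below
    + [_line("203.0.113.9")]                                  # single failure
)

if __name__ == "__main__":
    for cidr in build_blocklist(SAMPLE_LOG, allow=["198.51.100.200/32"]):
        print(cidr)
```

The returned CIDRs can be written to whatever table the MTA or firewall consults; allowlisting known legitimate senders before counting keeps one misconfigured client from taking its neighbours' /24 down with it.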