4.40.5: IPBlock 451 versus 550

Julian Field MailScanner at ecs.soton.ac.uk
Wed Mar 16 18:18:01 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

David Lee wrote:

> On Wed, 16 Mar 2005, Julian Field wrote:
>
>> Jeff A. Earickson wrote:
>>
>>> Just curious as to why you changed IPBlock from fatal rejections
>>> to tmpfail.  I've had a couple of spammers pounding on my system
>>> with crap that would have ordinarily been booted by IPBlock for
>>> good.  Now they just keep trying.  I've modified my copy of
>>> CustomConfig.pm in 4.40.5 to do the 550 rejections again.
>>
>>
>> Someone asked me to, on the basis that most spammers don't run real
>> MTA's and therefore won't try again if they get a tmpfail anyway.
>>
>> I will change it back to 550 again, but I might put it in a variable
>> somewhere so it's easier to change.
>
>
> I note that Mirapoint (www.mirapoint.com) has a feature called MailHurdle
> which deliberately uses 4xx-like temporary failures to try to stall
> spammers.
>
> The idea seems to be to return a 4xx-like failure to connections from
> hitherto new/unknown places, and notes that the connection attempt has
> been made ("if I haven't met you before, then 4xx.").  A large proportion
> of spam engines simply won't bother to retry.
>
> By contrast, legitimate email (yes, and some residual spam) would always
> try again a few minutes later, and so when it does, this time the call is
> accepted ("I've just met you, so I accept you 200-like").
>
> That "new/unknown places" might be a variety of things (a brief Google
> didn't reveal too much detail) such as one or a combination of
> IP-address,
> envelope-From, envelope-To.
>
> (Obviously, some spam engines might be a bit more determined, and might
> actually obey the 4xx retry, but this "hurdle" idea would at least mean
> that simple-minded spammers that don't do 4xx subtleties wouldn't bother
> us again for the time being.)
>
> I wonder whether something along the lines of "CustomConfig.pm &IPBlock"
> might be able to accomplish this?

Very interesting idea. I will have a think. Unfortunately I would have
to accept the first mail in order for it to get into MailScanner at all.
And that may defeat the idea altogether. Any thoughts?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list