4.40.5: IPBlock 451 versus 550
hermit921
hermit921 at YAHOO.COM
Wed Mar 16 18:21:41 GMT 2005
You can't do this in MailScanner - it needs to be done before the message
is accepted by the MTA. People do this in various ways, and most seem to
be quite happy with the results.
hermit921
At 10:18 AM 3/16/2005, Julian Field wrote:
>David Lee wrote:
>
>>On Wed, 16 Mar 2005, Julian Field wrote:
>>
>>>Jeff A. Earickson wrote:
>>>
>>>>Just curious as to why you changed IPBlock from fatal rejections
>>>>to tmpfail. I've had a couple of spammers pounding on my system
>>>>with crap that would have ordinarily been booted by IPBlock for
>>>>good. Now they just keep trying. I've modified my copy of
>>>>CustomConfig.pm in 4.40.5 to do the 550 rejections again.
>>>
>>>
>>>Someone asked me to, on the basis that most spammers don't run real
>>>MTA's and therefore won't try again if they get a tmpfail anyway.
>>>
>>>I will change it back to 550 again, but I might put it in a variable
>>>somewhere so it's easier to change.
>>
>>
>>I note that Mirapoint (www.mirapoint.com) has a feature called MailHurdle
>>which deliberately uses 4xx-like temporary failures to try to stall
>>spammers.
>>
>>The idea seems to be to return a 4xx-like failure to connections from
>>hitherto new/unknown places, and notes that the connection attempt has
>>been made ("if I haven't met you before, then 4xx."). A large proportion
>>of spam engines simply won't bother to retry.
>>
>>By contrast, legitimate email (yes, and some residual spam) would always
>>try again a few minutes later, and so when it does, this time the call is
>>accepted ("I've just met you, so I accept you 200-like").
>>
>>That "new/unknown places" might be a variety of things (a brief Google
>>didn't reveal too much detail) such as one or a combination of
>>IP-address,
>>envelope-From, envelope-To.
>>
>>(Obviously, some spam engines might be a bit more determined, and might
>>actually obey the 4xx retry, but this "hurdle" idea would at least mean
>>that simple-minded spammers that don't do 4xx subtleties wouldn't bother
>>us again for the time being.)
>>
>>I wonder whether something along the lines of "CustomConfig.pm &IPBlock"
>>might be able to accomplish this?
>
>Very interesting idea. I will have a think. Unfortunately I would have
>to accept the first mail in order for it to get into MailScanner at all.
>And that may defeat the idea altogether. Any thoughts?
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>------------------------ MailScanner list ------------------------
>To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
>'leave mailscanner' in the body of the email.
>Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
>Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list