How can MailScanner "push back"?
steve.freegard at fsl.com
Thu Aug 23 21:12:31 IST 2007
Leland J. Steinke wrote:
> Michael Huntley wrote:
>> Greylisting stopped a terrible mail storm on our system.
> We've been using sqlgrey for almost 18 months now. The spammers have
We've got a modified greylisting implementation in our BarricadeMX
product which is very different to SQLgrey and has so far proven 100%
effective against the botnet spam that passes traditional greylistng (no
extra drawbacks from normal greylisting except for more bandwidth being
used). Ping me off-list if you would like to try a demo of it.
> Hugo van der Kooij wrote:
> > Considering blocking DSL, cable and other 'user' IP ranges. There are
> > some RBL's focussing on these ranges. It should give you some air.
> We use PSBL and DSBL, in addition to our own RBL. We are an ISP, so I
> am loath to use RBLs such as PBL to reject connections, instead using
> them in SA to jack up spam scores.
I like the DSBL a lot - but you should probably consider adding
cbl.abuseat.org as it will catch a *lot* of extra stuff missed by your
Instead of using the PBL you could use dynablock.njabl.org and bypass
any of your own dial-up/DSL ranges.
Also consider adding milter-link into Postfix and rejecting stuff listed
on multi.surbl.org and black.uribl.com at the MTA level as this will
help a lot (on the non-botnet stuff anyway).
> Maybe I need to write a postfix policy daemon to query the hold queue or
> otherwise check the box's status and 450-reject the connection if the
> box is overloaded...
I really don't think that this will solve your problem as you'll end up
seriously delaying geniune senders with sane retry intervals whilst the
bots will continue to hammer away relentlessly whenever you start
allowing connections again. It's a problem that will then get
exponentially worse the more you shut of the port.
It's better to minimise the amount of junk .vs. good message allowed
into MailScanner from the MTA which is what we (FSL) are pretty good at
More information about the MailScanner