[Mimedefang] Am I overlooking something in my filter_relay method

ML Listuser listuser at ml-design.com
Sun Jul 16 05:02:06 EDT 2006


Hello list, I'd like your opinion on this.

For some days I switched sendmail's loglevel to 15 and noticed that 99% of
the spam flow is sent to me from smtp clients: PCs with names such as
'pool,adsl,dynamic,..' or just an IP number. They send smtp but don't listen
on the smtp port themselves.
Well, I'm not a service provider and, except for clients on my own internal
network, I don't have any business with smtp clients.
So I created a filter_relay which, on a connect-request, tries to establish a
telnet/smtp connection with the calling host and if it does _not_ succeed, 
rejects the connection with '554 <my mx> ESMTP not accepting messages'.
The rejected hosts are logged into a small sqlite blacklist.db so when they 
try to connect again, there's no need for a new telnet poll. I did this 
because some hosts try to connect 5 times when they are rejected. And some 
even try 15 times. This sqlite database also has a small whitelist for some
'one-way' smtp hosts I _do_ want to receive from (some mailing lists).

During 1 week the number of spam decreased by 99% and I caught 2200 spam
clients in my blacklist, so this method seems simple and successful.

Now I wonder, does anyone have an opinion on this method? Am I overlooking
something? Maybe something trivial that doesn't make it such a good idea after
all.
Is there anything in my method that could be done with MD built-in methods?

thanks a lot,
Frank
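
The check described in the post, written out as an added example of a MIMEDefang `filter_relay` in Perl; this is not Frank's code. The database path, table names, probe timeout, blacklist expiry, the 5.7.1 DSN and the fail-open behaviour on database errors are all assumptions, and the whitelist table is assumed to hold both the internal network clients and the 'one-way' hosts.

```perl
# Added example for mimedefang-filter; DB path, table names, timeout and
# expiry are assumptions, not values from the post.
use DBI;
use IO::Socket::INET;

my $DB_PATH       = '/var/spool/MIMEDefang/relaycheck.db';  # assumed path
my $PROBE_TIMEOUT = 5;          # seconds to wait for the callback connect
my $BLACKLIST_TTL = 7 * 86400;  # re-probe a cached host after a week

sub relay_db {
    my $dbh = DBI->connect("dbi:SQLite:dbname=$DB_PATH", '', '',
                           { RaiseError => 1, AutoCommit => 1 });
    $dbh->do('CREATE TABLE IF NOT EXISTS whitelist (ip TEXT PRIMARY KEY)');
    $dbh->do('CREATE TABLE IF NOT EXISTS blacklist
              (ip TEXT PRIMARY KEY, added INTEGER NOT NULL)');
    return $dbh;
}

# True if something accepts a TCP connection on port 25 of the calling host.
sub listens_on_smtp {
    my ($ip) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => 25,
                                     Proto => 'tcp', Timeout => $PROBE_TIMEOUT);
    return 0 unless $sock;
    close $sock;
    return 1;
}

sub filter_relay {
    my ($hostip, $hostname) = @_;
    my @reject = ('REJECT', 'ESMTP not accepting messages', 554, '5.7.1');
    my @verdict = eval {
        my $dbh = relay_db();
        # 1. Whitelisted hosts are never probed.
        my ($white) = $dbh->selectrow_array(
            'SELECT 1 FROM whitelist WHERE ip = ?', undef, $hostip);
        return ('CONTINUE', 'ok') if $white;
        # 2. A recent blacklist entry rejects without a new probe.
        my ($added) = $dbh->selectrow_array(
            'SELECT added FROM blacklist WHERE ip = ?', undef, $hostip);
        return @reject if defined $added && time() - $added < $BLACKLIST_TTL;
        # 3. Otherwise call back; cache the host only if the probe fails.
        return ('CONTINUE', 'ok') if listens_on_smtp($hostip);
        $dbh->do('INSERT OR REPLACE INTO blacklist (ip, added) VALUES (?, ?)',
                 undef, $hostip, time());
        return @reject;
    };
    # Fail open: a database error must not block all incoming mail.
    return @verdict ? @verdict : ('CONTINUE', 'ok');
}
```

The probe blocks the filter process for up to `$PROBE_TIMEOUT` seconds per uncached host, so the timeout bounds how long a firewalled client can hold a slot.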


