Zsolt,

I'm not familar with the SMTP side of courier but I do have a few standard MTA suggestions:

1.) If possible, create, and maintain(!) a list of hosts you automatically refuse connections from. This can also be done at the firewall level. If possible, you might even think of creating a script that parses your logs, looks for say >50 'bad local parts' coming from them, and then adds a drop rule to your firewall.

2.) Use, web-based spam helpers like spamhaus, blitzed, spamcop, etc. These hosts provided DNS lists of known spammers. You can connect this to your firewall (if it's smart enough), or your SMTP daemon. It will do a DNS lookup on any host that's trying to connect to it and deny it mail-sending priviledges if it gets a DNS hit from one of the above hosts. Again, if you add a nice quick script to parse logs and look for entries denying hosts based on this reason, and then make firewall entries you can make it so that these hosts never see your SMTP daemon ever again. And if courier doesn't support this functionality, then you can look at your logs manually once a day/week, etc. and add any DNS hits you get for hosts directly to your firewall manually.

3.) Try rate limiting. It only allows hosts to send or even relay mail to a certian number of recipients per time period (i.e. 300 per 3hrs), if they go over that limit, they're automatically blocked. This has the added benefit of ensuring hosts within your network that get infected with a spam bot aren't allowed to pollute your network either (assuming you relay as well as accept for them).

Well that's all I can think of for now. Hope it helps. I don't know that all (or even any) of these are directly pluggable to the Courier SMTP though.

Chris

On Fri, 2006-05-26 at 10:33 -0700, cour...@lists.sourceforge.net wrote: