9 messages in net.sourceforge.lists.courier-usersRe: [courier-users] RBL Check - When?
FromSent OnAttachments
Gordan BobicOct 20, 2007 12:45 pm 
Sam VarshavchikOct 20, 2007 1:03 pm 
Gordon MessmerOct 20, 2007 1:44 pm 
Gordan BobicOct 20, 2007 4:03 pm 
Leigh S. Jones, KR6XOct 20, 2007 4:56 pm 
Gordan BobicOct 20, 2007 5:26 pm 
Leigh S. Jones, KR6XOct 20, 2007 5:34 pm 
Gordan BobicOct 20, 2007 5:50 pm 
Alessandro VeselyOct 21, 2007 11:11 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] RBL Check - When?Actions...
From:Sam Varshavchik (mrs@courier-mta.com)
Date:Oct 20, 2007 1:03:44 pm
List:net.sourceforge.lists.courier-users

Gordan Bobic writes:

I've just been looking through my mail logs to assess the effectiveness of the RBLs, and I see things like the following:

courieresmtpd: error,relay=::ffff:88.236.181.253,from=<admi@bobich.org>,to=<he@bobich.net>: 511 http://www.spamhaus.org/query/bl?ip=88.236.181.253

Since it has the from and to addresses listed, that implies that the RBL was consulted after the MAIL FROM and RCPT TO commands were sent. Is this not wrong?

No, it's right.

I would have thought that in the interest of wasting fewer resources on spammers, RBL should be checked sooner. Possibly even before the server responds with the initial 220.

… So that the spam source can easily detect that you're using a blacklist that has this particular IP address listed, and if the spam sender tries again from a different IP address, there's a good chance that it will be accepted.

As opposed as getting the SMTP transaction rejected in exactly the same point it would be rejected for an invalid recipient address, for example.