9 messages in net.sourceforge.lists.courier-usersRe: [courier-users] RBL Check - When?
FromSent OnAttachments
Gordan BobicOct 20, 2007 12:45 pm 
Sam VarshavchikOct 20, 2007 1:03 pm 
Gordon MessmerOct 20, 2007 1:44 pm 
Gordan BobicOct 20, 2007 4:03 pm 
Leigh S. Jones, KR6XOct 20, 2007 4:56 pm 
Gordan BobicOct 20, 2007 5:26 pm 
Leigh S. Jones, KR6XOct 20, 2007 5:34 pm 
Gordan BobicOct 20, 2007 5:50 pm 
Alessandro VeselyOct 21, 2007 11:11 pm 
Actions with this message:
Paste this link in email or IM:
Paste this link in email or IM:
Atom feed for this thread
Paste this URL into your reader:
Subject:Re: [courier-users] RBL Check - When?Actions...
From:Gordan Bobic (gor@bobich.net)
Date:Oct 20, 2007 4:03:36 pm
List:net.sourceforge.lists.courier-users

Sam Varshavchik wrote:

I would have thought that in the interest of wasting fewer resources on spammers, RBL should be checked sooner. Possibly even before the server responds with the initial 220.

… So that the spam source can easily detect that you're using a blacklist that has this particular IP address listed, and if the spam sender tries again from a different IP address, there's a good chance that it will be accepted.

The chances are that they'll spam from multiple addresses to multiple MX-es to multiple accounts simultaneously anyway.

As opposed as getting the SMTP transaction rejected in exactly the same point it would be rejected for an invalid recipient address, for example.

I would argue that spammers are not renowned for sticking to RFC compliance and using finesse in their approach. If they are clever enough to notice that, they'll also notice the "rejected by RBL so and so" response message. But luckily, they tend to go for the brute force flooding approaches which are easier to block.

I suppose, however, that there is the argument that if one is so worried about the comms overhead, one could just set up user-space filtering with iptables, and plug that straight into an RBL database. I guess it at least gives options of either approach.

Gordan