EHLO/HELO [was blacklists]
On Tuesday 07 December 2004 17:55, Michael Loftis wrote:
> --On Wednesday, December 08, 2004 08:47 +1100 Craig Sanders <cas@taz.net.au> wrote:
> >> Now I reject by 554 code... should I change to 4xx?
> >
> > if it suits your needs. i wouldn't.
>
> I have to agree with that statement. For us it suits our needs very
> well. I don't mind handling the extra retry traffic if it means
> legitimate mail on a 'grey/pink' host is just temporarily rejected or
> delayed while they clean up, in fact this is far more desirable for us.
> Complaints of 'lost' mail went up when we were using permanent fatal
> codes as an experiment. Yes legitimate hosts get blacklisted, but
> legitimate hosts will retry, and if they don't well, it's their problem,
> not ours. We're telling them 454 listed on spamcop see URL of whatever
> (I'm obviously paraphrasing)

I've been following this thread with great interest.

I'm wondering if the same 4XX technique could apply to EHLO/HELO
checks--with automatic whitelisting thrown in.

If spammers never retry, couldn't you watch the logs and when you see a
retry, add that IP to EHLO/HELO whitelist? (And generate a report so you
can check up on this later.) Folks on the courier-user list have reported
that the EHLO/HELO whitelist becomes quite stable after a while.

I've recently turned on EHLO/HELO validation and am encouraged by how
effective it is. With RBLs (spamcop and dnsbl) and SpamAssassin 3, only
88% of spam was stopped. So far, it's 100%. (This is a _very_ small
sample--one email account for one day, but the change is dramatic from my
perspective.)

And what's to stop spammers from starting to retry? Does it double their
cost of doing business? If I then require a second retry, does it triple
their cost?

If I want to hack the courier backport package to force an invalid EHLO to
get a 4XX instead of the hardcoded 517, are these the correct steps (taken
from Debian Quick Reference, Ch. 3):

    apt-get source courier
    dpkg-source courier.dsc
    cd courier-0.47
    ... edit source
    dpkg-buildpackage -rfakeroot -us -uc
    su -c "dpkg -i courier-mta.deb"

Is that correct?

How do I change the newly-built package name, and what do I change it to so
apt-get update/upgrade will find a new release uploaded to backports.org?

Regards,
Mark
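
An added illustration of the retry-watching idea in the message above (not part of the original post and not Courier code): it scans a log for hosts that were given a 4xx for a bad EHLO/HELO and later came back, yielding whitelist candidates with a small report. The log line format, field names, sample addresses, and the five-minute minimum delay are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not Courier's real format).
SAMPLE_LOG = """\
2004-12-07 10:00:00 tempfail ip=192.0.2.10 helo=mail.example.org code=451
2004-12-07 10:00:05 tempfail ip=198.51.100.7 helo=xyz code=451
2004-12-07 10:00:09 tempfail ip=198.51.100.7 helo=xyz code=451
2004-12-07 10:01:00 tempfail ip=203.0.113.5 helo=localhost code=451
2004-12-07 10:30:00 tempfail ip=192.0.2.10 helo=mail.example.org code=451
2004-12-07 11:30:00 tempfail ip=192.0.2.10 helo=mail.example.org code=451
"""
LINE = re.compile(r"^(\S+ \S+) tempfail ip=(\S+) helo=(\S+) code=4\d\d$")


def find_retriers(log_text, required_retries=1,
                  min_delay=timedelta(minutes=5), max_age=timedelta(hours=24)):
    """Return {ip: report} for hosts that retried after a 4xx EHLO/HELO reject.

    Lines must be in chronological order. A retry counts only if it arrives
    at least min_delay after the previous counted attempt, so a client that
    reconnects in a tight loop is not mistaken for a queueing MTA.
    """
    state = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a temp-reject line
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, helo = m.group(2), m.group(3)
        s = state.get(ip)
        if s is None or when - s["first_seen"] > max_age:
            # First sighting (or the old record expired): start tracking.
            state[ip] = {"first_seen": when, "last": when,
                         "retries": 0, "helos": {helo}}
            continue
        s["helos"].add(helo)
        if when - s["last"] >= min_delay:
            s["retries"] += 1
            s["last"] = when
    return {ip: {"retries": s["retries"], "first_seen": s["first_seen"],
                 "helos": sorted(s["helos"])}
            for ip, s in state.items() if s["retries"] >= required_retries}


if __name__ == "__main__":
    # required_retries=2 models the "require a second retry" idea.
    for ip, info in find_retriers(SAMPLE_LOG, required_retries=2).items():
        print(f"whitelist candidate {ip}: {info['retries']} retries, "
              f"first seen {info['first_seen']}, HELO {info['helos']}")
```

The returned dictionary doubles as the report to review before an address is actually added to a whitelist.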