Re: minimizing bandwidth taken be spam delivery attempts even when identifiable by "To:" address

["Daniel B." <REMOVEdanielTHIS@fgm.com>]

Glenn English wrote:

> On Wed, 2006-02-15 at 16:08 -0500, Daniel B. wrote:
>
> > Clive Menzies wrote:
> >
> >
> > > On (15/02/06 12:58), Daniel B. wrote:
> > >
> > >
> > > > What anti-spam method minimizes the network bandwith used by spam
> > > > delivery attempts?
> > >
> > >
> > > sa-exim with spamassassin rejects mail at SMTP time which may solve your
> > > problem
> >
> > I was _already_ talking about rejecting mail at SMTP time.
>
>
> There's a rule in my mail server's firewall's input chain that looks for
> new incoming connections to port 25 and sends them to the "spammer" and
> "asia" chains where the connections are rejected on IP.
>
> bogofilter identifies spam and directs it to the spam box. Then a Perl
> script goes through that mail every couple hours and puts the IPs in the
> spammer chain for a couple weeks. The script also scans the currently
> active mail log for rejects due to the Spamhaus RBL.

...

Yeah, that's the kind of thing I was looking for.  Thanks.

> If there's a less bandwidth way than at the firewall, I'd like to know
> about it. 

My idea (which I don't is practical) was to query RBLs in real time
after receiving a TCP connection (SYN?) packet and before sending an
acceptance (or rejection) packet.  Relative to your suggestion, that
would save the bandwidth of receiving the first spam message from the
spam host, although it would add the bandwidth cost of querying the
RBLs and would depend on the spammer's having already been identified.


Daniel