Re: SMTP AUTH?
- Date: Tue, 8 Sep 98 12:44:24 +0100 (BST)
John Martin writes:
> Well, I was intending being a bit more reasonable, actually. A host
> only gets added to the "forbidden" list if it definitely relays.
> Timeouts, etc, would not affect this... and if I always get a 421,
> it could be for some other reason.... or we could use a different
> code to indicate that this is what is happening. (Like I said, 421
> might not be right.)
Yes, using a specific 4xx code would be a better idea - provided
everyone chooses the same one!
>> As you notice, it will also reject legitimate mail from hosts which
>> happen to permit relaying.
>
> Yes. This is a problem but for some, it might be acceptable.
Also it won't stop you receiving spam from hosts which don't relay - I
get quite a bit direct from dialups without any relay-rape involved
(three this morning alone); such hosts need not even run an SMTP
listener.
Obviously doing this is more effort for the spammer, but apparently at
least some of them are convinced it's worthwhile.
> My experience of gradually reducing the number of RCPT allowed has
> shown that spammers are smart enough to now use relatively small
> lists, i.e. 5 recipients.
That's interesting...
> Can you be sure that a mail would include the blacklist address? Or
> are you saying that the host from which the blacklist address
> originated would immediately be rejected?
One possible way round this would be to have many more bait addresses
than real addresses - then the majority of SMTP sessions attempting to
deliver spam would include a bait address.
You could certainly reject all mail from the host that was sending
spam; this would have the advantage of only refusing mail from hosts
that were actively involved in spamming. It'll be interesting to see
how it works in practice, anyway.
ttfn/rjk