On Sunday 18 January 2004 5:26 am, Brian Hatch wrote:
> Hmmmn. A thought, and admittedly it's likely a bad one.
>
> If for some valid reason you were not able to determine
> if a message should be blocked before data and needed to
> examine the header a bit, and once you read enough of the
> content was able to determine that it should in fact be
> dropped, you could
>
>   * close the connection immediately
>   * save the ehlo/mail from/rcpt to/client ip
>     as a 'ban next time' tuple
>   * when the remote server attempts to resend it,
>     block the email before DATA.

This is what I have been doing for quite a while; it works. Then again, I am
not really worried if the occasional legit mail gets bounced, because they
get a reject saying:

    550 sending host is a known virus source

In my view their virus infection is something they need to know about and fix.

- Dan
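
The 'ban next time' tuple described in this exchange, as an added Python example that is not code from either poster. The class and method names, the expiry period and the case-insensitive matching are assumptions; the reject text is the one quoted in the reply, and the sample envelope is constructed.

```python
import time

REJECT = "550 sending host is a known virus source"  # reply text quoted in the post


class BanNextTime:
    """Remember envelopes whose DATA was dropped; refuse the retry before DATA."""

    def __init__(self, ttl_seconds=7 * 24 * 3600, clock=time.time):
        self.ttl = ttl_seconds   # assumption: bans expire so a cleaned-up host recovers
        self.clock = clock       # injectable clock, so expiry can be tested
        self._banned = {}        # tuple key -> expiry timestamp

    @staticmethod
    def _key(ehlo, mail_from, rcpt_to, client_ip):
        # Assumption: match case-insensitively and ignore the angle brackets
        # around envelope addresses, so a retry with different casing still hits.
        norm = lambda s: s.strip().strip("<>").lower()
        return (norm(ehlo), norm(mail_from), norm(rcpt_to), client_ip.strip())

    def record_drop(self, ehlo, mail_from, rcpt_to, client_ip):
        """Call when content inspection fails and the connection is closed."""
        key = self._key(ehlo, mail_from, rcpt_to, client_ip)
        self._banned[key] = self.clock() + self.ttl

    def check_before_data(self, ehlo, mail_from, rcpt_to, client_ip):
        """Call at RCPT TO. Returns the SMTP reply to send, or None to continue."""
        key = self._key(ehlo, mail_from, rcpt_to, client_ip)
        expiry = self._banned.get(key)
        if expiry is None:
            return None
        if self.clock() >= expiry:
            del self._banned[key]  # ban has aged out
            return None
        return REJECT


if __name__ == "__main__":
    bans = BanNextTime()
    # Constructed envelope using documentation-reserved names and addresses.
    env = ("mail.example.net", "<a@example.net>", "<b@example.org>", "192.0.2.10")
    print(bans.check_before_data(*env))  # first attempt: allowed through to DATA
    bans.record_drop(*env)               # content check failed, connection closed
    print(bans.check_before_data(*env))  # resend: refused before DATA
```

All four fields must match for the ban to apply, so a different sender on the same client IP is not affected.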