At 02:31 PM 8/22/2004 -0400, Mark <admin(_at_)asarian-host(_dot_)net> wrote:
My server sends out an extended SMTP code, "550, 5.7.1", to those that are
blacklisted. There is nothing transient about it. :) You should see my
statistic of how many spammers ignore 5.x codes, though. I even made a local
DNSBL, just for such rogue spammers. My rule is: you get on that list if you
ignore a 5.x code more than 10 times within the same connection.
That is not to say there was not some sort of transient error, of course. In
fact, I think there probably was. His message, at any rate, did not make
contact here until about 10 AM yesterday morning (and there is nothing in my
log to indicate that this particular message was ignoring earlier 5.x
codes).
- Mark
**************** REPLY SEPARATER ******************
Regarding "spammers ignore 5.x codes", how do you coordinate between the
mail server and the DNSBL. The reason I ask is that I also run my own
dynamic DNSBL, but it is fed by 2 separate "honey pots", which return "501"
error codes and then terminate the connection. This is done because the
automated drones that spammers utilize ignore practically all error codes,
and it encourages the spammers to use all the IP addresses available in
their arsenal. The maximum I have recorded so far is 77 different IP
addresses from around the world over a period of about 10 minutes, and all
with the same target. This was unusual however, as they normally use 20 to
30 zombied machines.
Since this is off topic, you may contact me off list.
J.A. Coutts