On 19/01/05 14:58 -0500, Satya wrote:
On Wed, Jan 19, 2005 at 08:44:45PM +0530, Devdas Bhagat wrote: [block]
Inbound port 25 for dynamic IP addresses.
Why?
Source routed SMTP connections. Blocking respones from port 25 to dynamic IPs is also recommended to stop this. Plus, running a SMTP server on a dynamic IP is just not reliable enough.
[I wrote]
Graylist your inbound SMTP connections.
Ewwwwwwwwwwwww. Does not really scale for higher volumes of mail, but is reasonably useful on a low volume server.
Why? I'd think once you got legit mail from a domain you'd whitelist it. And you'd start by whitelisting known legit domains, if you have a list of known legit domains.
Greylisting stores a sender/recipient/sending host triplet. On large volumes of mail, that store gets a bit larger than the memory available :).
Plus, there are a lot of implementations where mail will fall back to a different host if the first attempt fails (particularly the high volume senders).
Devdas Bhagat