> 1- why let it get to postfix? This is crap that spamd can deal with,
What I've been seeing here the last few weeks is somewhat
different: robots trying to determine how many connections I'll accept
concurrently. Left alone they can get to 100+ connection attempts per
second from the same IP, they go on until I'm running out of resources
and start delaying the accept(2). When that happens, only one or two
of these connections are subsequently used to try to send the crap, the
rest are closed immediately. Limiting concurrency at SMTP level seems
to actually reduce the number of bots that try that (presumably the
information that my site is way too uninteresting is propagated across
the bot net).
This has nothing to do with backscatter, but FWIW, backscatter alone
has never been a real problem with Postfix until recently. Resource
exhaustion because of insane concurrency as I described can be, and
anvil(8) is a first attempt to a solution (it's not THE solution because
it also hurts legitimate sites like Yahoo).
> Postfix would just be rejecting them and filling its logs.
Oh come on, these days you're probably rejecting > 95% of messages
anyway. :)
> As far as I'm concerned filling the logs of mailservers that are
Unfortunately the people in charge with these servers either don't
have a clue, or don't care.
