Tue Jul 31, 2012 8:00 am
I dunno, I think you're likely to get more mileage out of hardening your mail server rather than attacking this in the firewall.
One trick I've gotten good results with is configuring sendmail with
FEATURE(`greet_pause', `2500')dnl
The concept is that the RFC says that the client must wait for the server to send the initial greeting before sending any commands. "Lazy" clients - which often are spam sources - often just send the entire command set all in one go without waiting. Any session where a command is received before the greeting is sent is "poisoned" and all commands return errors for the duration.
Now, lots of spammers have figured this out and become more standards compliant, but judging by my logs, this technique still reaps benefits.
But it's like anything - no one solution is sufficient to control spam. You need a layered defense if you're going to bother anymore.
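A sketch of the mechanism the post describes, added here as an illustration; it is not part of the original post and not sendmail's code. The function names, hostname and reply texts are assumptions, and the pause is shortened from the post's 2500 ms in the demo.

```python
import select
import socket

GREETING = b"220 mx.example.test ESMTP\r\n"  # constructed hostname
REFUSAL = b"554 mx.example.test ESMTP not accepting messages\r\n"  # assumed text
REJECT = b"550 5.0.0 Command rejected\r\n"  # assumed text


def greet(conn, pause_ms=2500):
    """Hold the banner for pause_ms; return True if the client spoke first."""
    readable, _, _ = select.select([conn], [], [], pause_ms / 1000.0)
    poisoned = bool(readable)  # bytes before the banner: pre-greeting traffic
    conn.sendall(REFUSAL if poisoned else GREETING)
    return poisoned


def command_loop(conn, poisoned):
    """Answer commands until the client closes; return the replies sent."""
    replies, buf = [], b""
    while True:
        chunk = conn.recv(4096)
        if not chunk:
            return replies
        buf += chunk
        while b"\r\n" in buf:
            line, buf = buf.split(b"\r\n", 1)
            verb = line.split(b" ", 1)[0].upper()
            if poisoned:
                reply = REJECT  # every command fails for the whole session
            elif verb == b"QUIT":
                reply = b"221 Bye\r\n"
            else:
                reply = b"250 OK\r\n"
            conn.sendall(reply)
            replies.append(reply)


if __name__ == "__main__":
    # Constructed client that pipelines commands without waiting for the banner.
    server, client = socket.socketpair()
    client.sendall(b"HELO x\r\nMAIL FROM:<a@example.test>\r\n")
    client.shutdown(socket.SHUT_WR)
    flagged = greet(server, pause_ms=200)
    print("poisoned:", flagged, command_loop(server, flagged))
```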