Re: [gentoo-server] SMTP Woes

[Lindsay Haisley <fmouse-gentoo@fmp.com>]

In my experience SPF isn't deployed widely enough to be a reliable
technology on its own for identifying spam.  There are just too many
ISPs out there running mail servers, and sending legitimate email, that
don't identify in SPF.  You'll get many false positives.

Although I'm not using courier-mta instead of postfix, I'm using
blacklists with very good results on FMP's small commercial mail server.
The lion's share of blocking is done based on the Composite Blocking
List.  See <http://cbl.abuseat.org/>, although I have several others in
the mix.

Courier doesn't mess with an inbound SMTP connection attempt if it
identifies in a BL, but simply rejects the connection out front with an
error, which should cause the sending system to issue a DSN in the case
of falsely identified spam - of which I see extremely little.  I expect
postfix works in a similar way.  This delays the connection somewhat,
but you don't end up with dozens of spam-bots tying up your SMTP server
because they fail to properly disconnect when they are told they're
trying to send to a nonexistent mailbox.

On Fri, 2007-11-30 at 11:34 +0000, Kerin Millar wrote:
> On 30/11/2007, Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Randy Barlow wrote:
> > > I am getting a huge number of connections to my mail server (postfix)
> > > compared to usual.  I've seen as many as 50 connections open at one
> > > time.  The logs show that the connections are from several computers of
> > > varying IPs, and they are all trying to send mail to random mailboxes on
> > > my domain.  It's very annoying, and I have noticed that inbound mail
> > > seems to be lagging by several hours.  Is there something similar to
> > > denyhosts for spammers?  Any other suggestions?
> >
> > Check those IPs against: www.robtex.com/rbl
> > Choose your favorite blacklists (test them, some of them provide too many false positives) and
> > implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting make a good job.
> 
> Regarding SPF, I'd just like to add that the SPF policy daemons (which
> can be integrated into postfix very easily) are available at
> http://www.openspf.org/Software. There are implementations in perl and
> python and, as luck would have it, the python version is available in
> portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF
> then don't forget to define records for one's own domains! A helpful
> document describing SPF syntax can be found here:
> http://www.openspf.org/SPF_Record_Syntax.
> 
> Regards,
> 
> --Kerin

-- 
gentoo-server@gentoo.org mailing list