Subject: Re: [gentoo-server] SMTP Woes
From: Lindsay Haisley
To: gentoo-server@lists.gentoo.org
Organization: FMP Computer Services
Date: Fri, 30 Nov 2007 13:41:53 -0600
Message-Id: <1196451713.8841.62.camel@vishnu.fmp.com>
In-Reply-To: <279fbba40711300334k62b356eej90db419b06144aca@mail.gmail.com>
References: <474FB504.5090209@electronsweatshop.com> <474FE475.7050402@buanzo.com.ar> <279fbba40711300334k62b356eej90db419b06144aca@mail.gmail.com>

In my experience SPF isn't deployed widely enough to be a reliable technology on its own for identifying spam. There are just too many ISPs out there running mail servers, and sending legitimate email, that don't identify in SPF. You'll get many false positives.

Although I'm not using courier-mta instead of postfix, I'm using blacklists with very good results on FMP's small commercial mail server. The lion's share of blocking is done based on the Composite Blocking List. See , although I have several others in the mix. Courier doesn't mess with an inbound SMTP connection attempt if it identifies in a BL, but simply rejects the connection out front with an error, which should cause the sending system to issue a DSN in the case of falsely identified spam - of which I see extremely little. I expect postfix works in a similar way. This delays the connection somewhat, but you don't end up with dozens of spam-bots tying up your SMTP server because they fail to properly disconnect when they are told they're trying to send to a nonexistent mailbox.

On Fri, 2007-11-30 at 11:34 +0000, Kerin Millar wrote:
> On 30/11/2007, Arturo 'Buanzo' Busleiman wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > Randy Barlow wrote:
> > > I am getting a huge number of connections to my mail server (postfix)
> > > compared to usual. I've seen as many as 50 connections open at one
> > > time. The logs show that the connections are from several computers of
> > > varying IPs, and they are all trying to send mail to random mailboxes on
> > > my domain. It's very annoying, and I have noticed that inbound mail
> > > seems to be lagging by several hours. Is there something similar to
> > > denyhosts for spammers? Any other suggestions?
> >
> > Check those IPs against: www.robtex.com/rbl
> > Choose your favorite blacklists (test them, some of them provide too many false positives) and
> > implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting make a good job.
>
> Regarding SPF, I'd just like to add that the SPF policy daemons (which
> can be integrated into postfix very easily) are available at
> http://www.openspf.org/Software. There are implementations in perl and
> python and, as luck would have it, the python version is available in
> portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF
> then don't forget to define records for one's own domains! A helpful
> document describing SPF syntax can be found here:
> http://www.openspf.org/SPF_Record_Syntax.
>
> Regards,
>
> --Kerin
--
gentoo-server@gentoo.org mailing list
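
The blacklist check discussed in this thread, sketched as an added example that is not part of any poster's message or of courier or postfix: how a mail server turns a connecting client's address into a DNSBL query and decides whether to reject up front. The zone names `bl.example` and `parked.example`, the sample records, the reply wording and all function names are assumptions made for illustration; the query format and the 127.0.0.0/8 answer range follow RFC 5782.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range

def dnsbl_query_name(client_ip, zone):
    """Build the DNS name a mail server looks up for a connecting client."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))            # 192.0.2.99 -> 99.2.0.192
    else:
        labels = reversed(ip.exploded.replace(":", ""))  # IPv6: reversed nibbles
    return ".".join(labels) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN or any lookup failure (fails open)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_client(client_ip, zones, resolve=system_resolver):
    """Return (zone, answer) for every list that really lists the client."""
    hits = []
    for zone in zones:
        for answer in resolve(dnsbl_query_name(client_ip, zone)):
            # An answer outside 127.0.0.0/8 is not a listing: it usually means a
            # parked zone or an NXDOMAIN-rewriting resolver, a classic source of
            # false positives.
            if ipaddress.ip_address(answer) in LISTED_NET:
                hits.append((zone, answer))
    return hits

def smtp_reply(client_ip, zones, resolve=system_resolver):
    """Reject before any mail is accepted if listed; None means carry on."""
    hits = check_client(client_ip, zones, resolve)
    if not hits:
        return None
    zone, answer = hits[0]
    return f"554 5.7.1 Client host [{client_ip}] blocked using {zone} ({answer})"

# Constructed sample data; bl.example and parked.example are placeholder zones.
CONSTRUCTED_ZONE_DATA = {
    "99.2.0.192.bl.example": ["127.0.0.2"],           # listed client
    "7.113.0.203.parked.example": ["198.51.100.10"],  # bogus wildcard answer
}

def fake_resolver(name):
    return CONSTRUCTED_ZONE_DATA.get(name, [])
```

Passing `fake_resolver` keeps the example offline; leaving the `resolve` argument at its default sends real DNS queries for whichever zones are supplied.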