From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1Mk4Je-0001Nq-3C for garchives@archives.gentoo.org; Sat, 05 Sep 2009 23:05:06 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id B6BB5E09F4; Sat, 5 Sep 2009 23:05:04 +0000 (UTC) Received: from mail-px0-f195.google.com (mail-px0-f195.google.com [209.85.216.195]) by pigeon.gentoo.org (Postfix) with ESMTP id 7AC00E09F4 for ; Sat, 5 Sep 2009 23:05:04 +0000 (UTC) Received: by pxi33 with SMTP id 33so1674240pxi.11 for ; Sat, 05 Sep 2009 16:05:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=CgFWcejhC8CVJsrsVGI2X3Fnj4tbjXEPfpIZxdllAoI=; b=f2A2ZW+NxJULKreGgB0YbBC32GcTGu0b/xcOSueO+TFa98dtXmaRZbGDNwaWwlSrtS FwZrA/PTYKCSgPBeiI2XPeFQzrSLyMjuyC6eTUN0wYgb9EsHgPHzKkcBS2a69+znBV5D Ypw4Y8fUrO+OqspNKHaztsRfEGtyxEWSd/tw0= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=Dh/x9evJLvO78QPV0bcIlgLb8516Qqj/bu/lvaJhBSLRI2jdLSONk7+eIU+OrKW/tC c5ueZAe7eAcTwDe3j34x1X4BTrBubV7fVEW7SSzK1ghRXns25gT9TPiXkpfWlvohSunB C8feTWXQhgDXrhdpyb444Qybh8FQZzTCvv8+k= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.114.237.37 with SMTP id k37mr12543670wah.31.1252191903642; Sat, 05 Sep 2009 16:05:03 -0700 (PDT) In-Reply-To: <624FB4A8-DA4F-4DD4-92D8-D10F420D3C1A@stellar.eclipse.co.uk> References: <49bf44f10909031345r571d2157pf07e3adf66568c53@mail.gmail.com> <200909032314.58494.alan.mckinnon@gmail.com> <88FDB814-951C-4648-A1A3-9F8F40C86469@stellar.eclipse.co.uk> <200909042249.40687.alan.mckinnon@gmail.com> <624FB4A8-DA4F-4DD4-92D8-D10F420D3C1A@stellar.eclipse.co.uk> Date: Sat, 5 Sep 2009 16:05:03 -0700 Message-ID: <49bf44f10909051605h494b2419g9d13e6647ea26acd@mail.gmail.com> Subject: Re: [gentoo-user] {OT} reverse DNS problem? From: Grant To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: d80025ff-73e9-4f39-888a-4a31f1b75534 X-Archives-Hash: b2f5d6fc0900255c49e206422434c7a5 >> Every other solution out there has this one little problem that people >> seem to >> ignore. >> >> Per RFC, if you accept the connection and the mail, you will deliver it. >> That's what it says. It also says this since days long before spam >> problems, >> but still. We all conveniently ignore this if we are talking about what >> *we* >> consider spam, and by "we" I mean "everyone who cares to take an interes= t >> except the actual recipient". >> >> ... Yet we accepted the mail implying that we will deliver it... > > I don't think it's necessary to break RFC if you reject based on a bogus > HELO. The connection is initiated, but you do not get as far as accepting > the mail. > >> Instantly, 85% of the problem goes >> away, and I have numbers to prove it. > > 85% of the problem goes away if you use Spamhaus, and that doesn't requir= e > you to discard legitimate email. > >> And why is a user on a DSL range running a mail server anyway? > > Personally, from my own point of view, it's so that I can see clearly tha= t a > message has been delivered. > > EG: > > Sep =A01 18:42:22 compaq postfix/smtp[6121]: A66A2137D25: > to=3D, relay=3Dmx1.mail.eu.yahoo.com[217.12.11.64], dela= y=3D2, > status=3Dsent (250 ok dirdel) > > I get complaints ALL the time from my customers, "oh, my brother / mother= / > customer / supplier says they sent me an email and I never received it". = The > only way I can debug this is to send them test messages (sometimes daily) > and tell them to let me know if they don't arrive. > > If a customer comes to you with a log entry that looks like the above, > referring to your server's hostname & IP, complaining the message was nev= er > delivered, then you can, reluctantly, look in the problem, grepping for > A66A2137D25. > > If the customer comes to you with a log entry like the above with > relay=3Dsmtp.my-isp.com then your response will be "oh, we probably never= got > the message from your ISP". I presumably can log a support issue with my = ISP > & expect them to come up with the log of the message being delivered to y= our > servers, but it's simply easier if I can debug non-deliveries myself. > >> The vast >> overwhelming majority of them are Windows zombies! > > Which are easily filtered by checking their HELO resolves to an independe= nt > domain. Or am I missing something here? > > The remainder of those you're inefficiently filtering are Linux enthusias= ts > running Postfix on their Gentoo boxes. Yeah, I was planning on setting up postfix on my home Gentoo box too. I guess I could relay through my ISP to avoid delivery problems like this. Why hasn't greylisting been mentioned? I greylist and it ends up blocking at least 99% of spam in my experience. - Grant >> And finally, my mail servers are mine and I make decisions about them, n= ot >> someone else. > > Sure, but you're making unilateral decisions about the validity of emails= on > behalf of your customers. And around here the customer comes first. > > If Bob wants to send Alice an email, he shouldn't have to reconfigure his > email server because Fred, the systems administrator at Alice's ISP, is > being a knob about things. > > You may be the exception, having a narrow pipe and being unable to afford > the Spamhaus / DNS lookups to filter spambots in efficient ways. Most > systems administrators using this policy are unable to justify the decisi= on. > >> Best policy is to stipulate in the ISP's terms of service that you will >> not >> accept inbound mail connections from range you feel you cannot trust and >> users >> must use their ISPs mail relay instead. > > You certainly won't get me subscribing to your service. > > Stroller.