1 |
In my experience SPF isn't deployed widely enough to be a reliable |
2 |
technology on its own for identifying spam. There are just too many |
3 |
ISPs out there running mail servers, and sending legitimate email, that |
4 |
don't identify in SPF. You'll get many false positives. |
5 |
|
6 |
Although I'm not using courier-mta instead of postfix, I'm using |
7 |
blacklists with very good results on FMP's small commercial mail server. |
8 |
The lion's share of blocking is done based on the Composite Blocking |
9 |
List. See <http://cbl.abuseat.org/>, although I have several others in |
10 |
the mix. |
11 |
|
12 |
Courier doesn't mess with an inbound SMTP connection attempt if it |
13 |
identifies in a BL, but simply rejects the connection out front with an |
14 |
error, which should cause the sending system to issue a DSN in the case |
15 |
of falsely identified spam - of which I see extremely little. I expect |
16 |
postfix works in a similar way. This delays the connection somewhat, |
17 |
but you don't end up with dozens of spam-bots tying up your SMTP server |
18 |
because they fail to properly disconnect when they are told they're |
19 |
trying to send to a nonexistent mailbox. |
20 |
|
21 |
On Fri, 2007-11-30 at 11:34 +0000, Kerin Millar wrote: |
22 |
> On 30/11/2007, Arturo 'Buanzo' Busleiman <buanzo@××××××××××.ar> wrote: |
23 |
> > -----BEGIN PGP SIGNED MESSAGE----- |
24 |
> > Hash: SHA512 |
25 |
> > |
26 |
> > Randy Barlow wrote: |
27 |
> > > I am getting a huge number of connections to my mail server (postfix) |
28 |
> > > compared to usual. I've seen as many as 50 connections open at one |
29 |
> > > time. The logs show that the connections are from several computers of |
30 |
> > > varying IPs, and they are all trying to send mail to random mailboxes on |
31 |
> > > my domain. It's very annoying, and I have noticed that inbound mail |
32 |
> > > seems to be lagging by several hours. Is there something similar to |
33 |
> > > denyhosts for spammers? Any other suggestions? |
34 |
> > |
35 |
> > Check those IPs against: www.robtex.com/rbl |
36 |
> > Choose your favorite blacklists (test them, some of them provide too many false positives) and |
37 |
> > implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting make a good job. |
38 |
> |
39 |
> Regarding SPF, I'd just like to add that the SPF policy daemons (which |
40 |
> can be integrated into postfix very easily) are available at |
41 |
> http://www.openspf.org/Software. There are implementations in perl and |
42 |
> python and, as luck would have it, the python version is available in |
43 |
> portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF |
44 |
> then don't forget to define records for one's own domains! A helpful |
45 |
> document describing SPF syntax can be found here: |
46 |
> http://www.openspf.org/SPF_Record_Syntax. |
47 |
> |
48 |
> Regards, |
49 |
> |
50 |
> --Kerin |
51 |
|
52 |
-- |
53 |
gentoo-server@g.o mailing list |