| 1 |
In my experience SPF isn't deployed widely enough to be a reliable |
| 2 |
technology on its own for identifying spam. There are just too many |
| 3 |
ISPs out there running mail servers, and sending legitimate email, that |
| 4 |
don't identify in SPF. You'll get many false positives. |
| 5 |
|
| 6 |
Although I'm not using courier-mta instead of postfix, I'm using |
| 7 |
blacklists with very good results on FMP's small commercial mail server. |
| 8 |
The lion's share of blocking is done based on the Composite Blocking |
| 9 |
List. See <http://cbl.abuseat.org/>, although I have several others in |
| 10 |
the mix. |
| 11 |
|
| 12 |
Courier doesn't mess with an inbound SMTP connection attempt if it |
| 13 |
identifies in a BL, but simply rejects the connection out front with an |
| 14 |
error, which should cause the sending system to issue a DSN in the case |
| 15 |
of falsely identified spam - of which I see extremely little. I expect |
| 16 |
postfix works in a similar way. This delays the connection somewhat, |
| 17 |
but you don't end up with dozens of spam-bots tying up your SMTP server |
| 18 |
because they fail to properly disconnect when they are told they're |
| 19 |
trying to send to a nonexistent mailbox. |
| 20 |
|
| 21 |
On Fri, 2007-11-30 at 11:34 +0000, Kerin Millar wrote: |
| 22 |
> On 30/11/2007, Arturo 'Buanzo' Busleiman <buanzo@××××××××××.ar> wrote: |
| 23 |
> > -----BEGIN PGP SIGNED MESSAGE----- |
| 24 |
> > Hash: SHA512 |
| 25 |
> > |
| 26 |
> > Randy Barlow wrote: |
| 27 |
> > > I am getting a huge number of connections to my mail server (postfix) |
| 28 |
> > > compared to usual. I've seen as many as 50 connections open at one |
| 29 |
> > > time. The logs show that the connections are from several computers of |
| 30 |
> > > varying IPs, and they are all trying to send mail to random mailboxes on |
| 31 |
> > > my domain. It's very annoying, and I have noticed that inbound mail |
| 32 |
> > > seems to be lagging by several hours. Is there something similar to |
| 33 |
> > > denyhosts for spammers? Any other suggestions? |
| 34 |
> > |
| 35 |
> > Check those IPs against: www.robtex.com/rbl |
| 36 |
> > Choose your favorite blacklists (test them, some of them provide too many false positives) and |
| 37 |
> > implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting make a good job. |
| 38 |
> |
| 39 |
> Regarding SPF, I'd just like to add that the SPF policy daemons (which |
| 40 |
> can be integrated into postfix very easily) are available at |
| 41 |
> http://www.openspf.org/Software. There are implementations in perl and |
| 42 |
> python and, as luck would have it, the python version is available in |
| 43 |
> portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF |
| 44 |
> then don't forget to define records for one's own domains! A helpful |
| 45 |
> document describing SPF syntax can be found here: |
| 46 |
> http://www.openspf.org/SPF_Record_Syntax. |
| 47 |
> |
| 48 |
> Regards, |
| 49 |
> |
| 50 |
> --Kerin |
| 51 |
|
| 52 |
-- |
| 53 |
gentoo-server@g.o mailing list |
Archives