1 |
On 4 Sep 2009, at 21:49, Alan McKinnon wrote: |
2 |
> On Friday 04 September 2009 17:23:15 Stroller wrote: |
3 |
> ... |
4 |
> Every other solution out there has this one little problem that |
5 |
> people seem to |
6 |
> ignore. |
7 |
> |
8 |
> Per RFC, if you accept the connection and the mail, you will deliver |
9 |
> it. |
10 |
> That's what it says. It also says this since days long before spam |
11 |
> problems, |
12 |
> but still. We all conveniently ignore this if we are talking about |
13 |
> what *we* |
14 |
> consider spam, and by "we" I mean "everyone who cares to take an |
15 |
> interest |
16 |
> except the actual recipient". |
17 |
> |
18 |
> ... Yet we accepted the mail implying that we will deliver it... |
19 |
|
20 |
I don't think it's necessary to break RFC if you reject based on a |
21 |
bogus HELO. The connection is initiated, but you do not get as far as |
22 |
accepting the mail. |
23 |
|
24 |
> Instantly, 85% of the problem goes |
25 |
> away, and I have numbers to prove it. |
26 |
|
27 |
85% of the problem goes away if you use Spamhaus, and that doesn't |
28 |
require you to discard legitimate email. |
29 |
|
30 |
> And why is a user on a DSL range running a mail server anyway? |
31 |
|
32 |
Personally, from my own point of view, it's so that I can see clearly |
33 |
that a message has been delivered. |
34 |
|
35 |
EG: |
36 |
|
37 |
Sep 1 18:42:22 compaq postfix/smtp[6121]: A66A2137D25: to=<XXX@××××××××.uk |
38 |
>, relay=mx1.mail.eu.yahoo.com[217.12.11.64], delay=2, status=sent |
39 |
(250 ok dirdel) |
40 |
|
41 |
I get complaints ALL the time from my customers, "oh, my brother / |
42 |
mother / customer / supplier says they sent me an email and I never |
43 |
received it". The only way I can debug this is to send them test |
44 |
messages (sometimes daily) and tell them to let me know if they don't |
45 |
arrive. |
46 |
|
47 |
If a customer comes to you with a log entry that looks like the above, |
48 |
referring to your server's hostname & IP, complaining the message was |
49 |
never delivered, then you can, reluctantly, look in the problem, |
50 |
grepping for A66A2137D25. |
51 |
|
52 |
If the customer comes to you with a log entry like the above with |
53 |
relay=smtp.my-isp.com then your response will be "oh, we probably |
54 |
never got the message from your ISP". I presumably can log a support |
55 |
issue with my ISP & expect them to come up with the log of the message |
56 |
being delivered to your servers, but it's simply easier if I can debug |
57 |
non-deliveries myself. |
58 |
|
59 |
> The vast |
60 |
> overwhelming majority of them are Windows zombies! |
61 |
|
62 |
Which are easily filtered by checking their HELO resolves to an |
63 |
independent domain. Or am I missing something here? |
64 |
|
65 |
The remainder of those you're inefficiently filtering are Linux |
66 |
enthusiasts running Postfix on their Gentoo boxes. |
67 |
|
68 |
> And finally, my mail servers are mine and I make decisions about |
69 |
> them, not |
70 |
> someone else. |
71 |
|
72 |
Sure, but you're making unilateral decisions about the validity of |
73 |
emails on behalf of your customers. And around here the customer comes |
74 |
first. |
75 |
|
76 |
If Bob wants to send Alice an email, he shouldn't have to reconfigure |
77 |
his email server because Fred, the systems administrator at Alice's |
78 |
ISP, is being a knob about things. |
79 |
|
80 |
You may be the exception, having a narrow pipe and being unable to |
81 |
afford the Spamhaus / DNS lookups to filter spambots in efficient |
82 |
ways. Most systems administrators using this policy are unable to |
83 |
justify the decision. |
84 |
|
85 |
> Best policy is to stipulate in the ISP's terms of service that you |
86 |
> will not |
87 |
> accept inbound mail connections from range you feel you cannot trust |
88 |
> and users |
89 |
> must use their ISPs mail relay instead. |
90 |
|
91 |
You certainly won't get me subscribing to your service. |
92 |
|
93 |
Stroller. |