Re: Whitelist handling.

From: Joao Inacio (mailjcinacio.com)
Date: Sat Jun 10 2006 - 10:53:51 CDT


On Sat, 2006-06-10 at 06:24 +0200, mouss wrote:
> Dan Serban wrote:
> > David Cary Hart wrote:
> >
> >> On Mon, 05 Jun 2006 12:14:14 -0700, Dan Serban
> >> <dserbanlodgingcompany.com> opined:
> >>
> >>> In reality, our checks are quite relaxed, really, the only reason
> >>> people are being rejected is the fact that there is no fqdn listed
> >>> for the ip (domain) sending mail. I've found that this stops 80%
> >>> (certainly not a scientific number) of the spam attempts on our
> >>> server. Simply allowing them would cause havoc, the whitelist
> >>> shouldn't be that large, I'm more concerned regarding our vendors
> >>> and wholesalers not making it through, clients have a different
> >>> avenue in case of bounce backs. If there's no mx on record how
> >>> would one reply to the email anyway? :)
> >>>
> >>>
> >> 1. Are you using reject_non_fqdn_sender;
> >> 2. reject_unknown_client_hostname;
> >> 3. reject_unknown_reverse_client_hostname ?
> >>
> >> 1. Creates too many FPs in my experience.
> >> 2. Creates cross-resolve rejects. In other words the hostname must
> >> resolve back to the client IP.
> >> 3. Only requires a FQDN host and creates fewer FPs.
> >>
> >> Frankly, I don't use any of these, Have you tried DNSBLs (Ours, SORBS,
> >> Spamhaus)?
> >>
> >
> > In reality, if the FP was caused by a misconfiguration, wouldn't the
> > admin want to have a correctly configured server? I don't know,
> > somewhat torn on the whole issue, the current configuration has blocked
> > over 8,000 unresolvable pieces of mail, while FP'ing about 12 (of which
> > only two different servers were involved).
> >
> >
> well. If you're "young", you have the right to try to educate the
> world:) "experience" shows that this is not an effective approach.
> Regarding your numbers, 12/8000 may be a large FP ratio, depending on
> your site. Here, 1/N is too much if it can be avoided, whatever is N.
> That said, logs are watched for discrepancies, and some sites get
> "annoyed after debate" (some sites are blocked after analysis). The rest
> is left to Content filters.
>
> > Difficult subject, as every admin has a different feel for what they
> > have to put up with concerning spam. I certainly don't want to turn
> > around business which does contact us via email, though the amount of
> > spam hitting our workstations is much too immense to be ignored.
> >
> >
>
> welcome.
>
> > Hmm, your points are very interesting. The only check which you have
> > mentioned above is #1, reject_non_fqdn_sender. Yes, I use spamhaus, and
> > definitely not sorbs. I'm in the process of setting up Bayesian
> > filtering using s-a, though I cannot or don't want to spare the
> > resources to scan every email that comes in if I open her up. 8,000
> > emails daily that would get pushed through the system for almost no reason.
> >
> >
>
> why? 8000 is a small number.
>
> > I think the approach I will take is set the warn_if_reject flag and
> > start letting stuff through, I'd like a different solution, though it's
> > difficult to really be proactive on these kinds of things.
> >
> >
>
> everybody would like that, but...
>
>
> > Is there an example main.cf somewhere where someone has quite the
> > success rate with low FPs?
> >
> depends on what you want. I implement very few checks in postfix, thus a
> theoretical 0 FP (unless I've missed some). the price is some cpu+ram to
> do content filtering.

I have just turned on SPF checking a couple of days ago and from the
looks of things, it doesn't seem like there are many domains using them
at all. Checking SPF's seems very reasonable, does anyone have some bad
experiences with it?

Also, no experience at all with greylisting but I'm guessing there are
many misbehaved servers that will simply drop the messages...
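As an added example (not part of the thread or of Postfix itself): with warn_if_reject in front of a restriction, smtpd logs "reject_warning" lines instead of rejecting, and tallying those per restriction, together with the distinct client IPs behind each count, is the data needed to judge a 12-in-8000 style FP ratio before turning the restriction into a hard reject. The log lines below are constructed, and the reason-text substrings are assumed to match the Postfix messages for the three restrictions discussed above; adjust them to what your version logs.

```python
import re
from collections import Counter, defaultdict

# Constructed smtpd log lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
Jun 10 10:53:51 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.10]; from=<news@example.org> to=<sales@example.net> proto=ESMTP helo=<mail.example.org>
Jun 10 10:54:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[198.51.100.7]: 450 4.7.1 Client host rejected: cannot find your hostname, [198.51.100.7]; from=<x@example.com> to=<sales@example.net> proto=SMTP helo=<example.com>
Jun 10 10:55:17 mx postfix/smtpd[2102]: NOQUEUE: reject_warning: RCPT from vendor.example.com[203.0.113.5]: 504 5.5.2 <vendor>: Sender address rejected: need fully-qualified address; from=<vendor> to=<buyer@example.net> proto=ESMTP helo=<vendor.example.com>
Jun 10 10:56:40 mx postfix/smtpd[2103]: 3F2A1C0B21: client=mail.example.org[203.0.113.9]
Jun 10 10:57:03 mx postfix/smtpd[2104]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.11]: 450 4.7.1 Client host rejected: cannot find your reverse hostname, [192.0.2.11]; from=<a@example.com> to=<b@example.net> proto=ESMTP helo=<x>
"""

# One warn_if_reject line: client name, client IP, SMTP code, optional enhanced code, reason.
WARN_RE = re.compile(
    r"reject_warning: RCPT from (?P<client>\S+?)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?:\d\.\d\.\d )?(?P<reason>[^;]+);"
)

# Assumed reason substrings -> the restriction that produced them.
REASON_TO_RESTRICTION = [
    ("cannot find your reverse hostname", "reject_unknown_reverse_client_hostname"),
    ("cannot find your hostname", "reject_unknown_client_hostname"),
    ("need fully-qualified address", "reject_non_fqdn_sender"),
]


def classify(reason):
    """Map a logged reject reason to the restriction name (or 'other')."""
    for needle, name in REASON_TO_RESTRICTION:
        if needle in reason:
            return name
    return "other"


def tally_reject_warnings(lines):
    """Return (hits per restriction, distinct client IPs per restriction).

    The IP sets are what you review by hand: a restriction that fires 8,000
    times from thousands of hosts looks very different from one that fires
    12 times from two hosts you actually do business with.
    """
    hits = Counter()
    clients = defaultdict(set)
    for line in lines:
        m = WARN_RE.search(line)
        if not m:
            continue  # accepted mail, queue ids, other daemons: not a would-be reject
        name = classify(m.group("reason"))
        hits[name] += 1
        clients[name].add(m.group("ip"))
    return hits, clients


if __name__ == "__main__":
    hits, clients = tally_reject_warnings(SAMPLE_LOG.splitlines())
    for name, n in hits.most_common():
        print(f"{name}: {n} would-be rejects from {len(clients[name])} client(s)")
```

Run it against a real mail.log with `tally_reject_warnings(open("/var/log/mail.log"))` after a few days of warn_if_reject; low hit counts with a short, recognisable IP list are the candidates to whitelist, the rest can become hard rejects.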