Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: mouss (moussnetoyen.net)
Date: Fri Apr 25 2008 - 03:03:48 CDT
Paweł Leśniak wrote:
>> do you mean backscatter? if so, that's a serious problem too. but the
>> fix is to validate recipients at the edge of the network during the
>> smtp transaction.
> Yes. And I've no idea how can I fight backscatter by verifying recipient.
most backscatter comes from servers which accept mail and only later
find that the recipient does not exist, so they bounce. if they
validated recipients during the smtp transaction, there would be no bounce.
>> the requirement does not mean that you must accept any mail to
>> postmaster. the requirement is to make sure you won't miss important
>> mail to postmaster and abuse.
> And how do I know id mail is important or not?
the sender knows! if his mail is important, he must setup his email
>> SPF is not mandatory (to say the least) and most sites do not reject
>> based on SPF (and many SPF records contain ~all). so this is moot.
> But it could be quite good solution if only it'd be accepted by most
please don't revive this debate. If SPF was as effective as you seem to
believe, it would be ubiquitous. anyway, debating SPF here is not
>> if you talk about the backscatterer.(org|com) page, then yes it is
>> unclear. but "important" lists use good spamtraps.
> OK. I'm just commenting what I'm told to read.
>> you repeat reject_unknown_sender_domain (you already have it in
>> smtpd_client_restrictions). this is useless.
>> you already use reject_sender_login_mismatch, so this one won't catch
> I'll correct it as soon as I read about those smtpd_*_restrictions.
>> you need to check how many spam is missed by your checks. if you do
>> SAV on too many spammy connections, then it's bad IMHO.
>> as a start, consider using zen.spamhaus.org instead of
>> sbl.spamhaus.org. zen includes the PBL which catches many zombies.
>> also, it may be a good idea to put all your anti-spam checks under
>> smtpd_recipient_restrictions. this makes it easier to see the order
>> (but do keep restricted_senders.map elsewhere).
> OK, but still I think that SAV with caching is not hurting badly. I'm
> not sending millions emails daily.
you do SAV on mail you _receive_, not on mail you _send_. so the number
of mail you send is irrelevant. you do not control how much mail you
>> many people jumped on challenge-response (some still use it).
> And that's one more thing I have no idea about.
> Thanks for all the answers.
> Pawel Lesniak