Re: [CentOS] Kind of OT: internal imap server




Les Mikesell wrote:

If you are handling relatively low volumes of mail, say the low tens of thousands a day, and "mail guy" is not a shout you respond to, then I strongly recommend not becoming a white-coated acolyte to these and to make the smaller brain-investment needed to get Postfix working great.

Unfortunately the amount of real mail you intend to handle doesn't
relate much to what can happen when you plug into the internet.

Hm well I run my own MX that is "on the Internet" and have done for a couple of years or more, and I do it with Postfix on a residential cable modem. I have never had these spamfloods. Every day my daily logs for this and other machines show one or more attempts to relay which fail during SMTP time, so they go somewhere else. Often the recipient on the relaying attempt is undeliverable; they're just interested if you'll take it. I guess if you take their probes, then you get the Zombie army hammering at the door.

If you set your MTA (whatever it is) up with

 - reject unknown usernames (much virus mail and a fair amount of spam: gone)

 - reduce the stock usernames in /etc/aliases, keep the RFC ones

 - greylist one way or another (10 mins seems to work fine)

 - reject non-FQDN HELO

 - optionally reject "unknown" HELOs, i.e., alleged mailservers that lack reverse DNS

you will knock out the vast bulk of your enemies before you spend any real CPU or bandwidth on them. So far I did not need to look at the next step, doing a fake DNS lookup on one of the realtime blackhole lists.

Because all of these operate at SMTP transaction time the problems you point out don't result in dodgy bounces that are sent to the alleged From guy. Anything that can't be talked out of sending dodgy bounces to the alleged From guy would indeed be evil.

That's not the worst part of the license. The real problem is that
qmail as written has several logical flaws, the above-mentioned
being the most obvious, and the license states that no one is
allowed to distribute modified versions so it can't be fixed
without completely replacing components.

He he, what a nonsense license. It's up there with Creative Commons Non-commercial stopping radio stations playing liberally licensed music as needing a shooting-yourself-in-the-foot award.

-Andy
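
The SMTP-time checklist in the message above, as an added example that is not part of the original post and is not Postfix's own code: a small Python model that applies the checks in order and shows that every refusal is a 4xx/5xx reply given during the transaction, so the sending client keeps the message and no bounce is generated locally. The addresses, hostnames, reply codes, and the `has_rdns`/`require_rdns` parameters are constructed assumptions.

```python
# Added example: a model of the SMTP-time checks listed above. Not Postfix code.
GREYLIST_DELAY = 600  # seconds; the "10 mins" from the post

# Constructed sample data: local mailboxes plus the reduced /etc/aliases set.
VALID_RCPTS = {"andy@example.org", "postmaster@example.org", "abuse@example.org"}


def is_fqdn(helo):
    """True for a dotted hostname or an [address literal] in HELO."""
    if helo.startswith("[") and helo.endswith("]"):
        return True
    labels = helo.rstrip(".").split(".")
    return len(labels) >= 2 and all(
        lab and all(c.isalnum() or c == "-" for c in lab) for lab in labels)


def verdict(helo, client_ip, sender, rcpt, now, seen, has_rdns=True,
            require_rdns=False):
    """Return (code, reason) for one RCPT TO, decided before DATA is accepted.

    `seen` maps greylist triplets to the time they were first observed.
    """
    if not is_fqdn(helo):
        return 504, "HELO is not a fully qualified name"
    if require_rdns and not has_rdns:  # the optional check in the list
        return 450, "client has no reverse DNS"
    if rcpt.lower() not in VALID_RCPTS:
        return 550, "unknown user"
    triplet = (client_ip, sender.lower(), rcpt.lower())
    first = seen.setdefault(triplet, now)  # remember the first attempt
    if now - first < GREYLIST_DELAY:
        return 450, "greylisted, retry later"
    return 250, "ok"


def demo():
    """Run constructed sessions through the checks and return the verdicts."""
    seen = {}
    t = ("mail.example.net", "192.0.2.10", "bob@example.net", "andy@example.org")
    return [
        verdict("localhost", "198.51.100.7", "x@example.com", "andy@example.org", 0, seen),
        verdict("mx.example.com", "198.51.100.7", "x@example.com", "sales@example.org", 0, seen),
        verdict(*t, 0, seen),    # first attempt: deferred
        verdict(*t, 120, seen),  # retried too early: still deferred
        verdict(*t, 700, seen),  # retried after the delay: accepted
    ]


if __name__ == "__main__":
    for code, reason in demo():
        print(code, reason)
```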


