John Jolet said: > Matt Fretwell wrote: >> >> > This email, for instance was sent from a properly configured mta running > antispam and antivirus scanning in BOTH directions, from a dynamic ip. > If my wife sends email from her computer, it goes to the isp's mta, > which does inbound only scanning. I have several rules in place for > postfix to force it to use my isp's mta for domains that refuse traffic > from dynamic or "residential" ip addresses. The price for a > non-residential ip from my isp is nearly double that for residential. > Do I get any added-value service for that? No, in fact, I lose the > ability to take faulty equipment directly to the service center for > replacement, instead of waiting for a service call. I think more people > running mtas would take the tack of examining the TRAFFIC, not the IP it > came from. That's just laziness.
Most of the spam I've gotten the last three days is from comcast.net. Apparently they allow their customers to send out to port 25. They should lock that down so that spam goes out through their own servers so they can feel the pain when they are blacklisted for incompetence. If you need to run your own stand-alone mail service you should pay the price for the privilege. Nobody should send mail directly unless it is filtered outbound. In fact, that would be a good blacklist: real-time-morons.org. I'd even toss in systems that NDR after the connection is closed as they have no idea at that point whe the sender is. dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
