Stan Hoeppner <[email protected]> writes:

> On 7/10/2011 7:26 AM, lee wrote:
>> Stan Hoeppner <[email protected]> writes:
>>
>>> On 7/9/2011 12:00 PM, lee wrote:
>>>
>>> Just checking for the existence of rDNS is no longer sufficiently
>>> effective against bot spam from infected residential hosts. This is
>>> because many/most? ISPs have rDNS for most of their IP addresses,
>>> whether dynamic or static.
>>
>> Well, most rejects are because the HELO checks fail. There are only a
>> very few that fail because of the rDNS check. There isn't much SPAM
>> getting through; I'm getting less than one message per day.
>
> If your EHLO check is first it would make sense that it will reject more
> than the rDNS check. Reverse the order and you may see that metric
> reversed. It's good to hear you're not seeing much with your setup.
> I'd guess you have low mail flow on that host.

Yes, the HELO checks are first. It seems to make sense that way. What
do you consider low mail flow?

>>> http://www.hardwarefreak.com/fqrdns.pcre
>
> I take it you are really new to managing a mail server. dnsbls have
> been around forever, and every mail OP uses one or another, if not 5 or
> more.

That they are around for a long time doesn't mean that I have to like
them or to have others decide what mail to accept or not to accept.

> Have you heard of SpamAssassin? Both restrictions make
> reject/keep decisions for you. Using this PCRE table is no different in
> that regard.

SpamAssassin seems to be doing a good job; I don't know about your
table. Both ways of filtering make decisions for me --- that's the
idea.

>>> This Postfix PCRE table consists of 1600+ rDNS patterns of residential
>>> broadband/SOHO ISPs around the world, and is extremely effective at
>>> killing bot spam, while putting very little load on your server.
>>
>> Sounds like it must have taken quite some work to put the list together,
>> and it would need to be maintained.
>
> The table was built over a relatively long period of time, and does take
> a small amount of time to maintain. ISPs don't add new residential rDNS
> patterns very often. When we spot a new one a regex is created to match
> it. Changes average about one add every 1 to 2 months.

Hm, that's a pretty low rate.

>> Won't graylisting work as well?
>
> I see that indeed you are new. Greylisting will usually defeat bot spam
> as bots never retry. The problem is the delivery delay introduced
> (minutes to hours). This doesn't work for those ordering last minute
> air fare and need to print their boarding pass. With greylisting that
> boarding pass email may arrive an hour later. Greylisting also sucks
> system resources due to the triplet database.

Since when can anyone take a given delivery time of emails for granted?
I can see people being stupid enough to do that, though. The delay with
graylisting remains a disadvantage.

> The fqrdns.pcre table gives most of the "catch" performance of
> greylisting without the downsides.

I can see why you like it. How do you make sure that mail you want to
receive isn't rejected when using the table?

--
html messages are obsolete

--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
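
An added illustration, not part of the thread and not the fqrdns.pcre table itself: a dry run of a table written in Postfix pcre_table syntax against client rDNS names, which is one way to see what such a table would reject before it is enforced. The patterns, hostnames and function names are constructed for the example, and it assumes one-line `/pattern/ action` rules only (no continuation lines or if/endif blocks).

```python
import re

# Constructed sample table in Postfix pcre_table(5) syntax: /pattern/ action.
# These patterns are illustrative and are NOT taken from fqrdns.pcre.
SAMPLE_TABLE = r"""
# An exception goes first, because the first matching pattern wins.
/^mail\.smallbiz\.dsl\.isp\.example$/            OK
/^(\d{1,3}[-.]){3}\d{1,3}\.dyn\.isp\.example$/   REJECT generic dynamic rDNS
/^host-\d+\.dsl\.isp\.example$/                  REJECT generic DSL rDNS
"""

RULE = re.compile(r"^/(.*)/([a-zA-Z]*)\s+(.+)$")


def parse_table(text):
    """Return [(compiled_regex, action)] in table order."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a /pattern/ action rule")
        pattern, flags, action = m.groups()
        # Postfix matches case-insensitively by default; "i" toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules


def lookup(rules, hostname):
    """Action of the first rule matching the hostname, or None."""
    for rx, action in rules:
        if rx.search(hostname):
            return action
    return None


def would_reject(rules, hostnames):
    """Dry run: map each hostname the table would reject to its action."""
    hits = {}
    for h in hostnames:
        action = lookup(rules, h)
        if action and action.upper().startswith("REJECT"):
            hits[h] = action
    return hits


if __name__ == "__main__":
    seen = ["mail.smallbiz.dsl.isp.example", "203-0-113-45.dyn.isp.example",
            "HOST-17.DSL.ISP.EXAMPLE", "mx1.mailhost.example"]  # constructed
    for host, why in would_reject(parse_table(SAMPLE_TABLE), seen).items():
        print(f"{host}: {why}")
```

Feeding it the client hostnames already seen in the mail log shows which known-good senders would need an exception entry ahead of the reject patterns.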

