On Sat, Feb 03, 2007 at 10:46:02AM +0100, [EMAIL PROTECTED] wrote:
> I really think spammers don't give a damn about coming back to deliver
> e-mail properly. The new breed of spammers uses botnets to deliver their
> crap. And since those systems are not theirs and that bandwidth is not
> theirs, they write software to act as a proper mail server. That means,
> they come back when mail isn't properly delivered.
> 
> Downside is:
> a) The botnet PC is getting whitelisted
> b) The system administrator has to manually take it off the whitelist
> and put it on the blacklist (I have written a shell script to take care
> of this)
> c) Your users are bothered with crap
> 
> Agreed, not all spammers are using botnets, thank god. However, the
> spammers that do cause most of our and our users' irritation.
> 
> One solution would be to check if the delivering IP Address has a
> logical name like: mail. smtp. mx. etcetera
> But... not all mail servers are set up like that. So, I will get a lot of
> users complaining e-mail doesn't reach them and it will cost me about
> the same amount of time to explain it to my users and whitelist the IP
> Address.

Greylisting is still the best crap-cutter at the moment.




A workable method is to reject mail from IPs that don't have rDNS that
maps to forward DNS, such as with postfix:

These are OK to use:

smtpd_recipient_restrictions =
        reject_non_fqdn_hostname
        reject_invalid_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        ....


These will reject mail from legit servers that don't have rDNS for the
IP that they helo with, and the name that they helo with:

        reject_unknown_client
        reject_unknown_hostname

But it does cut the crap. So does a pcre that inspects rDNS of the
client like this:

/(dhcp|dyn|dial|ppp)/   REJECT Mail not accepted from hosts at dynamic IPs due to *spam*, Client checks


If you don't use all the above, you get pain from users about spam
volume.  If you do use it, you get pain from them about legit mail not
coming through...



I guess other MTAs such as Sendmail and Exim have similar methods to the
above.
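
The two client checks described in the message above (rDNS that maps back to forward DNS, and the dynamic-name pcre), modelled in Python over constructed DNS data. This is an added example, not part of the original message; `fcrdns_name` and `decide` are hypothetical helpers, and all hosts and addresses are made up. The third host shows how the unanchored pattern also catches a legitimate mail server name.

```python
import re

# The pattern from the message, matched the way a Postfix pcre table does
# by default: unanchored and case-insensitive.
DYNAMIC_RDNS = re.compile(r"(dhcp|dyn|dial|ppp)", re.IGNORECASE)

# Constructed DNS data (documentation address ranges, example domains).
PTR = {
    "192.0.2.10": "mail.example.org",
    "192.0.2.20": "ppp-20.dialup.example.net",
    "192.0.2.30": "mx1.dynamics-consulting.example",
    "192.0.2.40": "smtp.forged.example",
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "ppp-20.dialup.example.net": ["192.0.2.20"],
    "mx1.dynamics-consulting.example": ["192.0.2.30"],
    # PTR claims this name, but the name resolves elsewhere.
    "smtp.forged.example": ["198.51.100.7"],
}


def fcrdns_name(ip, ptr=PTR, a=A):
    """Return the PTR name only if it resolves back to ip, else None."""
    name = ptr.get(ip)
    if name is None:
        return None  # no rDNS at all
    return name if ip in a.get(name, []) else None


def decide(ip):
    """Apply the forward-confirmed rDNS check, then the dynamic-name pattern."""
    name = fcrdns_name(ip)
    if name is None:
        return "REJECT no forward-confirmed rDNS"
    if DYNAMIC_RDNS.search(name):
        return "REJECT dynamic-looking rDNS"
    return "OK"


if __name__ == "__main__":
    for ip in ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40", "192.0.2.99"]:
        print(ip, PTR.get(ip, "-"), "=>", decide(ip))
```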
