[ Reply-To: set to self as this is no longer on topic for the list ]

On Fri, Feb 04, 2011 at 11:20:45AM +0100, J4K wrote:
> On 02/04/2011 05:17 AM, Stan Hoeppner wrote:
> > Steve Jenkins put forth on 2/3/2011 11:18 AM:
> >> On Thu, Feb 3, 2011 at 1:44 AM, J4K <ju...@klunky.co.uk> wrote:
> >>> It's a good idea, but this would limit a user from using a server on his
> >>> residential ADSL from being an Email server, and force them to use their
> >>> ISP's relay.  Else they might have to upgrade to a business package or spend
> >>> more money for a static IP address that they can amend the reverse lookup
> >>> record for.  Pros and cons.

Cons, yes, but that train has long ago left the station. It's a done 
deal: today's Internet will not work for running mailservers from 
dynamic IP space without a relayhost.

This is a dead horse. One might even go so far as to say:

'E's not pinin'! 'E's passed on! This 'orse is no more! He has ceased 
to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft 
of life, 'e rests in peace! If you hadn't nailed 'im to the stable 
'e'd be pushing up the daisies! 'Is metabolic processes are now 
'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 
'is mortal coil, run down the curtain and joined the bleedin' choir 
invisible!! THIS IS AN EX-'ORSE!!

To try to push this a bit toward topicality, please see this:
    http://www.postfix.org/SOHO_README.html
which discusses options for Postfix users in a SOHO setting.

Steve:
> >> It's a GREAT idea. I don't want/need email from users with ADSL 
> >> or cable modem servers that refuse to use their ISP's relay. If 
> >> enough of us stand firm on our mail acceptance policies to the 
> >> point where we force SOHO and "Linux Weenies" to use their ISP's 
> >> relay (which shouldn't cost them any money), then SPAMmers would 
> >> take a huge hit.

I run a small site, the largest part of which is a hobbyist-run and 
mostly hobbyist-oriented free software project. Some of our target 
audience are these "Weenies" as described, and indeed, I stand firm. 
We don't accept mail from Zen-listed hosts. We don't whitelist, 
although I would consider such a request if it involved a static IP 
address. I will *not* whitelist PBL space. If you can't get yourself 
off the PBL, you should not be sending mail direct-to-MX.

I used to feel exactly as J4K does. I learned why that won't work. My 
hobbyist[1] project is hosted at a real datacenter, with static IP 
and FCrDNS. When our provider messed up our rDNS recently, I switched 
to using a relayhost at another site, which had good FCrDNS.

One thing I personally do which is not suitable now: I send mail as a 
GMX user, but not through GMX relays. Since I only use this address 
for mailing lists, I generally get away with it, but I doubt that 
will last indefinitely. Eventually I'll have to DTRT: send using my 
own domain, or submit GMX outbound through GMX relays.

Stan:
> > Unfortunately the situation isn't quite that simple.  Note the 
> > explanation I gave for the header prepending.  There are ISPs who 
> > only offer xDSL to business clients, with static IPs, but without 
> > custom rDNS, and they don't want these business clients relaying 
> > through their MSAs.  Most are going to run their own MX MTA 
> > anyway.  We don't want to be throwing these babies out with the 
> > bath water, nor the hobbyists.  We're fighting spammers.

I agree with Stan in principle, but as much as possible, it's best 
for those who have incompetent "business" ISPs to vote with their 
feet. It's almost a corollary of the Boulder Pledge. Demand value for 
your money.

> > The battle that needs to be fought is getting all ISPs to 
> > implement TCP 25 outbound filtering across the board for 
> > residential lines, and only opening it upon request.  Some 
> > already do this in the states, but relatively few.  That's the 
> > better way to solve the spambot/zombie problem, not penalizing 
> > one or two segments of ISP customers simply because they're on a 
> > "residential class" broadband line.  If a hobbyist knows how to 
> > run an MTA properly, and wants to send/receive directly, we 
> > should not discourage that.  And we shouldn't be penalizing SOHOs 
> > doing the same.

Again I agree in principle, but less so in practice. Outbound 25 
blocking is good, but it's not worth trying to preach that to ISPs 
who aren't doing it. If an ISP is a source of a lot of abuse, the 
ideal thing to see is that ISP being widely blocked. And then its 
customers will have to vote with their feet, if they want to use 
Internet mail!

> > Remember, we're fighting spam, not innocent bystanders who simply 
> > have the same connectivity a bot infected PC sits behind.
> >
> I agree. I have plenty of colleagues who run their own mail servers 
> from residential connections and they know how to set up their 
> machines. Understandably, they are miffed by having to pay for a 
> business line, or rack space in a data centre, when they are 
> perfectly capable of doing this with a spare box at home.  
> Therefore they set up their own server.

Hogwash. If they do, they're using a relayhost. And if they really 
are as capable as you say, they understand why this is necessary.

> I don't fancy blocking these people or the enthusiasts who are 
> quite capable of running their own server.

Nevertheless, it's necessary.

> Back to Stan's pcre file:- I've been running through the logs 
> for rejects specifically caused by this file (or prepends).  
> However I did not see any. Is there a string I could search for, 
> and how could I white list IPs instead of editing the pcre file?

These questions (which are on topic, and I might reply under 
separate cover if no one else has addressed them fully) betray your 
lack of understanding of Postfix and email in general. Your sermon 
about the "capable colleagues" is thus losing credibility.

Please, learn more about the state of SMTP in A.D. 2011, before 
you go on about how those of us who understand it better are wrong. 
Stan's right: we're fighting spammers, but perhaps he is a bit more 
optimistic than I am about winning that fight. We try to limit the 
damage they do ... best we can hope for as things stand now.

<plug shame-mode=no,shameless>
If you really do want to beat this dead horse, it would be well 
within the topicality of a list I help run:
    http://spammers.dontlike.us/
We have a lot of good folks there (and I know Stan will agree!) who 
can and will teach you the folly of direct-to-MX mail from dynamic 
and/or tainted IP space.

You'd be welcome to join us, and I guarantee it won't be any 
rougher[2] on you than I was. :)
</plug>



[1] Do note, for me, the word, "hobbyist," is a term worthy of
    highest respect in computing and free software. I'm always
    appalled by the lack of quality among so-called IT
    "professionals", and yet I know many bright and capable
    computer hobbyists.

[2] I don't think I was "rough", per se, just direct. Since I said
    nothing offensive, I shouldn't have to say this, but indeed no
    offense was intended.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
