Everybody,

Thank you for your clarifications on Postfix terms; I will treasure them,
but let us focus on the problem, please.

Legal procedures allow us to take down identified e-mail servers. It is not possible, however, to proceed against a botnet of static and dynamic addresses that send e-mail using telnet-like tools. Speaking of tools, serious spammers use a well-known application that both sends e-mails and follows their trails. This CRM-like application does not use an e-mail server: it mocks the chit-chat of real e-mail servers, only to get into the inbox. Do not bother with header-based and content-based filtering, because they study your server's behaviour and tailor new headers and contents to get through. Do not bother with black lists either; they can only serve known static IPs. If you read your logs and respond with enhanced filtering, they respond.

My servers filter 95% of e-mail junk upfront: the junk does not hit the mailboxes.
No, I do not use black lists. Loss of legitimate e-mail is about 1%.
The remaining 4% is the topic of this conversation. I am worried about it,
because it has the potential to take down clients and servers,
either by flooding or infection. Their strength is their ability to avoid identification:
they send from the cloud, and you cannot reply.

Our point of view is plain: are we dealing with "proper" e-mail servers?
Can they *both* send and receive e-mail? We already know the answer.
Our emphasis, therefore, is on the DNS, to identify the sender and its MX RR, because it is the de facto standard to say "this is where I receive e-mail".

How else could you tell them apart?

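The check argued for above (does the sender's domain publish an MX RR?), as an added example that is not part of the original message: it classifies an envelope sender by its domain's MX answer and maps the result to a Postfix-style access action. The resolver stub, the zone data and all function names are constructed for illustration; note that the strict mode also rejects domains relying on the A/AAAA fallback that RFC 5321 permits.

```python
# Constructed sample zone data: domain -> {rrtype: records}; MX = (preference, exchange).
ZONES = {
    "example.org": {"MX": [(10, "mx1.example.org.")], "A": ["192.0.2.10"]},
    "a-only.example": {"A": ["192.0.2.20"]},
    "nullmx.example": {"MX": [(0, ".")], "A": ["192.0.2.30"]},
    "empty.example": {},
}

def lookup(domain, rrtype):
    """Stub resolver (assumption): records, [] for no data, None for NXDOMAIN."""
    zone = ZONES.get(domain.lower().rstrip("."))
    return None if zone is None else zone.get(rrtype, [])

def classify_sender(mail_from, resolver=lookup):
    """Classify how the envelope sender's domain says it receives e-mail."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        return "null-sender"      # bounces legitimately carry an empty sender
    _local, at, domain = addr.rpartition("@")
    if not at or not domain:
        return "malformed"
    mx = resolver(domain, "MX")
    if mx is None:
        return "nxdomain"
    if mx:
        # RFC 7505 "null MX": a lone record pointing at "." means "no mail here"
        if len(mx) == 1 and mx[0][1] == ".":
            return "null-mx"
        return "mx"
    # No MX published: RFC 5321 lets senders fall back to the address records
    if resolver(domain, "A") or resolver(domain, "AAAA"):
        return "implicit-mx"
    return "no-mail-route"

def decide(mail_from, require_explicit_mx=True, resolver=lookup):
    """Map the classification to a Postfix-style access action."""
    kind = classify_sender(mail_from, resolver)
    if kind in ("mx", "null-sender"):
        return "DUNNO"            # no objection; later restrictions still apply
    if kind == "implicit-mx" and not require_explicit_mx:
        return "DUNNO"
    return "REJECT sender domain publishes no usable MX (%s)" % kind

if __name__ == "__main__":
    for sender in ("bob@example.org", "x@a-only.example", "x@nullmx.example",
                   "x@nowhere.invalid", "<>"):
        print(sender, "->", decide(sender))
```

In production the stub would be replaced by a real DNS lookup, and temporary resolver failures should lead to a deferral rather than a rejection.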