2018-10-25 15:28 GMT+02:00 Matus UHLAR - fantomas <uh...@fantomas.sk>:
> On Thu, Oct 25, 2018 at 08:11:35AM +0200, Poliman - Serwis wrote: >>> >>>> Hi. I heard that having a non-functional server as the primary MX is a >>>> well-known trick to reduce the amount of incoming spam, as most software >>>> used by spammers will only ever try the highest-priority MX. How to do >>>> this? >>>> >>> > On 25/10/18 07:33, Viktor Dukhovni wrote: >> >>> No. This is a myth, and reduces the reliability and performance >>> of legitimate email delivery. Use a decent RBL, postscreen(8) may >>> help to reduce the load on the server and keep smtpd(8) more available >>> for legitimate email. >>> >> > On 25.10.18 10:55, Allen Coates wrote: > >> Yesterday, my Postscreen blocked 92 percent of incoming connection >> attempts:- >> > > this is not related to the subject of discussion, is it? > > There are some anti-spam projects which offer MXes for your use. >> You set one up with the LOWEST prioity (your "MX of last resort"); If a >> message reaches it, the MX will collect stats >> and then return a TEMPFAIL. >> > > but that is the opposite - you provide the lowest MX, not the primary. > > Legitimate mail would not be affected as a retry will be forced, though you >> may want to find out what the project does with the stats they collect. >> > > I have already encountered case where the mailserver got blacklisted, > because one domain only had two MX-es - primary and the blacklisting one. > > Thus, you only should "donate" your MX to such anti-spam projects when you > are 100% sure you have enough of backup MX servers with different uplinks. > > yes, such projects should test that, too. > > -- > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > The 3 biggets disasters: Hiroshima 45, Tschernobyl 86, Windows 95 > So generally speaking - I should check postscreen, use a decent RBL and keep smtpd more available for legitimate email. How set decent RBL in Postfix and which are decent? What means/how to do "keep smtpd more available for legitimate email"? I have one more question which is more less related with main thread. I would like to know can I block port 25 on firewall? I read that this port is used to communication between servers. Honestly, I don't got it. I would open 110, 143, 587, 465, 993, 995 and block 25. -- *Pozdrawiam / Best Regards* *Piotr Bracha*
