Re: Spamassasin over RBL, was Re: rblsmtpd -t?

2002-05-03 Thread Blu

On Fri, May 03, 2002 at 07:49:06PM +0200, Emile van Bergen wrote:
> On Fri, 3 May 2002, Jason Lim wrote:
> 
> > I'm not sure, but how many ISPs still allow direct-to-MX-style mail
> > sending (sending direct from the dialup or cable or whatever, without
> > using additional mail servers)? I know quite a few Australian ISP that
> > still allow it (not the big ones like Bigpond or Optusnet AFAIK), and many
> > HK ISPs still allow it... how about in the USA and Europe?
> 
> Well, I'm in the Netherlands, and personally I'm glad to see that my ISP
> (xs4all) doesn't assume that their customers are irresponsible by
> default, so they don't block outgoing SMTP from dialup or DSL customers.
[...]
> That is entirely the right thing to do, IMNSHO. I subscribed for full
> connectivity; I run my own MTA here and I know very well how to do it,
> thank you very much. I'd never, ever choose an ISP who considers their
> customers guilty by default.

I cannot agree more. There exists some kind of worldwide spam
psychosis and a tendency to cure the headache with the decapitation method.

Blu.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




Re: downloads too fast, hogging whole modem line

2002-07-09 Thread Blu

On Tue, Jul 09, 2002 at 11:58:24AM +0800, Dan Jacobson wrote:
> 
> My downloads are too fast, hogging the whole modem line.  Is there any
> way to slow them down so I can read web pages at the same time?

You should read the Linux Advanced Routing & Traffic Control HOWTO at 
http://lartc.org/

Blu.






Re: default iptables (again)

2003-03-17 Thread Blu
On Mon, Mar 17, 2003 at 06:51:16PM +1100, Glenn Hocking wrote:
> Hi
> 
> Ok I now know what the issue is. The iptables NAT box is a PPPoE box 
> running PPPoE on boot. Every time it drops the connection and 
> re-establishes itself (as adsl does) it drops the firewall rules and 
> reloads them back to the default. So directly after boot my rules are 
> loaded but as soon as it brings up the connection it reloads the default.
> 
> I've tried the iptables save command mentioned earlier and searched the 
> PPP directories for references to iptables but with no luck.
> 
> Does anybody know how to set the default iptables rules for a PPP 
> connection that 'recalculates' the rules on PPP.
> Or can I just stop it from reloading the rules every time the ADSL 
> connection is brought up.

You can always make a script which recalculates the rules and put it in
the /etc/ppp/ip-up.d/ directory, but the package ipmasq does exactly
that, even if you are not thinking of masqueraded connections. The only
problem is that ipmasq "takes over" the firewall, so any rules that you
want to put, you have to put them in the ipmasq configuration files,
otherwise ipmasq will wipe them every time the connection is restarted.

A big plus is that ipmasq sanitizes the firewall with default
security rules, such as filtering packets coming through an external
interface with an "internal" source address, and things like that.

Blu.
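
An added example, not from the thread and not ipmasq's code: one way to write the ip-up.d script mentioned above, here in Python, rebuilding a NAT gateway's rules each time pppd brings the link up and placing the anti-spoofing drops first. The LAN interface `eth0`, the subnet `192.168.1.0/24` and the name `build_ruleset` are assumptions; `PPP_IFACE` is the variable Debian's /etc/ppp/ip-up exports to these scripts.

```python
#!/usr/bin/env python3
import ipaddress
import os
import re
import subprocess
import sys

# Linux interface names are at most 15 bytes; anything else is refused so that
# nothing from the environment can smuggle extra lines into the rule set.
IFACE_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def build_ruleset(ext_if, int_if, lan):
    """Return iptables-restore input for a NAT gateway whose uplink is ext_if."""
    for name in (ext_if, int_if):
        if not IFACE_RE.fullmatch(name):
            raise ValueError(f"suspicious interface name: {name!r}")
    lan = ipaddress.ip_network(lan)  # raises ValueError on malformed input
    rules = ["*filter", ":INPUT DROP [0:0]", ":FORWARD DROP [0:0]",
             ":OUTPUT ACCEPT [0:0]"]
    # Anti-spoofing first: an "internal" source address arriving on the
    # external interface is forged, so it is dropped before any ACCEPT rule.
    for net in (str(lan), "127.0.0.0/8"):
        rules += [f"-A INPUT -i {ext_if} -s {net} -j DROP",
                  f"-A FORWARD -i {ext_if} -s {net} -j DROP"]
    rules += [
        "-A INPUT -i lo -j ACCEPT",
        f"-A INPUT -i {int_if} -s {lan} -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        f"-A FORWARD -i {int_if} -o {ext_if} -s {lan} -j ACCEPT",
        f"-A FORWARD -i {ext_if} -o {int_if}"
        " -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        "COMMIT",
        "*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        f"-A POSTROUTING -o {ext_if} -s {lan} -j MASQUERADE",
        "COMMIT",
    ]
    return "\n".join(rules) + "\n"


def main():
    # pppd passes the interface as the first argument; Debian also exports it.
    ext_if = os.environ.get("PPP_IFACE") or (sys.argv[1] if len(sys.argv) > 1 else "")
    ruleset = build_ruleset(ext_if, "eth0", "192.168.1.0/24")  # assumed LAN side
    # iptables-restore flushes and reloads each listed table in one commit, so
    # the gateway never forwards with a half-built rule set.
    subprocess.run(["iptables-restore"], input=ruleset, text=True, check=True)


if __name__ == "__main__":
    main()
```

Install it under a name without a dot (for example `50firewall`, a made-up name): run-parts skips file names that contain anything other than letters, digits, underscores and hyphens.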






Re: gFTP problems?

2003-07-05 Thread Blu
On Sat, Jul 05, 2003 at 10:52:28PM +, Martin WHEELER wrote:
> Solutions suggested so far have been to turn off, or make completely
> transparent, any firewall between you and them (!!!); or to turn off
> passive ftp mode.  (makes no difference, incidentally)
> 
> Symptoms under gFTP are: connection is made to the remote proFTPD 1.2.4
> server on port 21; password is requested; sent; and accepted; type is
> set to l; current directory is given as "/"; system goes into passive
> mode; gives message: "Receiving file names... ; then hangs until
> connection times out after printing message "Cannot create a data
> connection".
> 
> Customers using Cuteftp report that turning off passive mode indeed
> fixes the problem for them; any clues as to what is going on under
> Linux?
> (Sarge, with kernel 2.4.19 -- and I'm not using any local proxy.)

Looks like the port 20 (ftp-data) is blocked somewhere. Ftp protocol
uses two ports, 21 for commands and 20 to send data. In passive mode,
when you make a request to the ftp server, it tries to open a connection
to your machine on port 20 to send data. If the port 20 is blocked, the
server times out trying to connect. 

With passive mode turned off, it is your ftp client which actively tries
to establish a data connection, maybe through another port.

Take a look at your firewall settings in case it is you who is blocking
port 20, if not, it is your ISP.

Blu.





Re: Weird Reboots

2003-07-20 Thread Blu
On Sun, Jul 20, 2003 at 01:09:29AM -0500, Rod Rodolico wrote:
> I don't understand what is going on. My machine has rebooted 5 times
> between 10:00 and 18:00. I looked in syslog and the line contains 109 at
> signs (@).

That could be somebody or something trying to use a buffer overflow
attack. That kind of attack often crashes the target machine and leaves
signs like long lines in syslog. The fact that the machine rebooted so
many times could be a sign that the exploit didn't work and the attacker
was not able to break in, but I would not rely on that.

On the other side, it could be a hardware problem too, memory being the
principal suspect.

Blu.





Re: Why doesn't Exim ever clean out /var/spool/exim/input?

2004-01-29 Thread Blu
On Fri, Jan 30, 2004 at 10:35:57AM +1100, Craig Sanders wrote:
> On Thu, Jan 29, 2004 at 04:37:07PM +0100, Thomas GOIRAND wrote:
> > Not looking for a fight either, but...  ALL the MTAs? What are the results
> > for qmail then? I've always heard it's the fastest...
> 
> no, postfix beats it.
> 
> qmail WAS the fastest several years ago. then postfix arrived.

I use qmail, and the other big problem with it is, AFAIK, that it
accepts a message before checking if it has to be bounced. With forged
return email addresses one gets a lot of bounced bounces. Very annoying.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-22 Thread Blu
On Wed, Jun 23, 2004 at 09:56:02AM +1000, Craig Sanders wrote:
> On Tue, Jun 22, 2004 at 11:37:41AM +0200, Niccolo Rigacci wrote:
> > You want to block spam or viruses, this is OK but you are on the
> > wrong way.
> 
> no, it's absolutely the right way.  a large percentage of spam and
> almost all viruses come direct from dynamic IP addresses.  block
> mail from them and you instantly block most of the problem.

And you block a lot of legitimate email too.

In my server, my policy is to reject mail from hosts which are blocking
me. This way, the sender receives a bounce with a 550 explaining that
their ISP is blocking legitimate email from us. A lot of customers are
not even aware of the fact that their ISP is blocking legitimate email
behind their backs. I have been able to whitelist my server in a number
of servers without moving a finger, just angry users calling customer
service.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-22 Thread Blu
On Wed, Jun 23, 2004 at 11:19:19AM +1000, Craig Sanders wrote:
> > In my server, my policy is to reject mail from hosts which are blocking
> > me. 
> 
> good for you.  your server, your rules.  sounds like a stupid thing to do, but
> you are entirely within your rights to do so.

Thanks for the compliment. In fact, blocking mail which cannot be
answered blocks a lot of forged sender spam too, something like 80%
here, being conservative.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-23 Thread Blu
On Wed, Jun 23, 2004 at 08:32:17AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Wednesday 23 June 2004 03.27, Blu wrote:
> > > > In my server, my policy is to reject mail from hosts which are
> > > > blocking me.
> 
> > [...] blocking mail which cannot be
> > answered blocks a lot of forged sender spam too, something like 80%
> > here, being conservative.
> 
> You did say two different things here.
> 
> I block mail which can't be answered, too, by requiring the send domains 
> to exist. After an upgrade to postfix 2.1 I will consider verifying the 
> user part of sender addresses, too, if greylisting doesn't get the spam 
> down far enough.

Well, if a host blocks mail from me, mail from that host is in fact
unanswerable mail. It is just a subset of mail which can't be answered.

> I've never had my mail rejected by some mailserver, yet, but I don't 
> think I would just block mail from mailservers blocking me - when my 
> block produces false positives, I'm glad if people tell me (the 550 
> message tells them how to contact me by email without being blocked.) 
> So I like to extend the same courtesy to the operator of the other box. 
> As was said in this thread by somebody, it's all about enabling 
> communication, and not about making it impossible. And blocking spam 
> just keeps email a useful medium.

My 550 tells people that it is HIS host which is blocking mail from mine
and that I will accept mail from them as soon as they stop blocking me.

I run a number of public service servers and in the past, from the
perspective of a user of a server which blocks mail from mine, the
mails were being blackholed at my host. They never got an answer or even
a bounce. Now, at least they know what is going on and know that the
problem is on their side, not mine.

Finally, I keep postmaster always open, a thing that a lot of these happy
blocking servers do not.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-23 Thread Blu
On Wed, Jun 23, 2004 at 10:05:50AM +0200, Andrew Miehs wrote:
> 
> 
> >On Wed, Jun 23, 2004 at 08:32:17AM +0200, Adrian 'Dagurashibanipal' 
> >von Bidder wrote:
> >
> >Well, if a host blocks mail from me, mail from that host is in fact
> >unanswerable mail. It is just a subset of mail which can't be answered.
> >
> 
> I think the important part here is not the host, but the domain. If the 
> domain does not exist or does not have any MX records, fair enough, but 
> just because a host doesn't want to receive mail, that's another 
> story...

Well yes. Maybe I oversimplified. What I do is a callback to the MX of
the envelope sender to see if it accepts mail to him/her. If not, the
mail is rejected with an explicative 550.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-23 Thread Blu
On Wed, Jun 23, 2004 at 10:26:49AM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Wednesday 23 June 2004 09.51, Blu wrote:
> 
> > I run a number of public service servers and in the past, from the
> > perspective of a user of a server which blocks mail from mine, the
> > mails were being blackholed at my host. They never got an answer or
> > even a bounce.
> 
> Huh? Either your servers are/were severely misconfigured, or you don't 
> mean the same thing as I when you talk about blocking.
> 
> block == reject with 5xx error code in the SMTP transaction. Or possibly 
> block at firewall level.

Yes, rejection with 5xx error, we are talking the same.

> So it's the task of the upstream mailserver to generate a bounce (and 
> since the upstream mailserver in most cases belongs to the 
> administrative domain where the mail originally comes from, there's 
> fair chance that the bounce actually gets to the sender of the mail.)
> 
> How did your users not receive a bounce?

First, I live in a place where ISP mail servers are not trustable, so I
generally maintain my own MX servers.

Until not so long ago, my MXs were accepting mail from hosts which were
themselves blocking mail from them. The result was that my
servers received mail normally, but then they found that they could not
answer. From the perspective of the remote user sending mail to my
server, the message simply disappeared because my users or even myself
had no means to inform the remote user of the fate of the message, at
least by email. Having mail driven automatic services, my mailbox was
full of complaints and questions about the service being down, questions
which I could not even answer because the MXs of those users didn't like
me.

At present, rejecting those mails with an explicative 5xx message, those
users at least (if they are able to read a bounce), know that it is not
my problem, it is theirs.

Blu.





Re: Which Spam Block List to use for a network?

2004-06-23 Thread Blu
On Wed, Jun 23, 2004 at 09:01:24PM +1000, Russell Coker wrote:
> On Wed, 23 Jun 2004 18:23, Blu <[EMAIL PROTECTED]> wrote:
> > Well yes. Maybe I oversimplified. What I do is a callback to the MX of
> > the envelope sender to see if it accepts mail to him/her. If not, the
> > mail is rejected with an explicative 550.
> 
> You aren't the only one who does that.  I have found one other person who does 
> that and who happens to have their mail server in an address range that's 
> black-listed.  So when I sent mail to them their mail server made a call-back 
> to mine, my server rejected that and their mail server then generated a 55x 
> code that tried to summarise the code from mine.  Then my mail server took 
> that and made it into a bounce message.

Of course I am not the first one doing this. In fact Exim4 has a built-in
capability to do so.

> The resulting message was something that I could not decipher even though I 
> have 10 years of experience running Internet mail servers!  All I could do 
> was post a message to a mailing list I knew the person was subscribed to and 
> inform them that their server was borked in some unknown way.

:) Well, my approach is not that fancy. I just check if the callback
passes the RCPT, and if not, issue a 550 with a short message telling
that my host will not accept mail that cannot be answered. I don't
expect end users to read a bounce, but many of them forward the bounce
to customer service instead and in some cases it has been enough to
whitelist a server.

> What would the average Internet user do in such a situation?
> 
> The typical 55x message about a DNSBL rejection is clear enough that most 
> people can get some idea of what to do (IE phone the person, use a different 
> mail server, etc).

In my experience, end users in general are not able to interpret a
bounce message and they complain to admins in the best case. In the
worst case, they do nothing.

> The call-back idea may be good if you have a domain totally full of clueless 
> morons who only receive mail from skilled administrators who have experience 
> in dealing with call-back systems.  But if you have average people exchanging 
> email with other average people (the common case) then it will make things 
> worse not better.

I am not willing to deal with all the sites which reject mail from my
servers for the most diverse reasons and every one with a different
way of dealing with the problem, if any. If a foreign server is
rejecting mail from me, without me having done anything harmful, then
the problem is theirs and not mine. It is the administrator of that
server who has to explain to his users why he is rejecting legitimate
email.

Blu.





Re: How to prevent being a 'bouncer' of evil mail?

2004-06-25 Thread Blu
On Fri, Jun 25, 2004 at 09:03:48PM -0300, Yves Junqueira wrote:
> On Fri, 25 Jun 2004 18:21:20 -0400, Kris Deugau <[EMAIL PROTECTED]> wrote:
> > Yep.  I've never set up exactly such a system, but for a while I had a
> > Linux box acting as a gateway for a Novell IMS machine that had some
> > related stupidity (DNS resolution speed issues, IIRC).  I was able to
> > just open a connection to the Novell box and issue RCPT TO: for each
> > recipient, because it wasn't *quite* so stupid as to accept mail for
> > nonexistent users.
> > 
> > I've been lucky enough to only work with *nix mail servers except for
> > that one Novell system- and it had some advantages I've yet to see in
> > any *nix system.  
> > 
> 
[...]
> But, hmmm..., even if we didn't have NAV, it wouldn't help much. Let's
> say Postfix (the gateway) delivers the message to Exchange, which is
> "smart". Even so, AFAIR, we would have another e-mail created
> notifying the failure, instead of a so desired SMTP error code. After
> Postfix gets the message, it sends a success reply to the client, and
> just then tries to send the mail to the destination, that will give
> postfix a failure reply code. Postfix will then have to send a DSN,
> right? Or could you issue the RCPT TO command to the other server
> BEFORE sending the final result to the client, in the front server?

I do that. A call forward to the next server in the chain to verify the
recipient before accepting the mail from the sender. I use Exim though.
It even caches the recipient verification results to avoid unnecessary
traffic. I don't know if it is that easy with postfix, but surely it is
doable.

Blu.





Re: Which Spam Block List to use for a network?

2004-07-02 Thread Blu
On Wed, Jun 30, 2004 at 08:53:40AM +0200, Matej Kovac wrote:
> > :) Well, my approach is not that fancy. I just check if the callback
> > passes the RCPT, and if not, issue a 550 with a short message telling
> > that my host will not accept mail that cannot be answered.
> 
> you are receiving a message and you start callback to the mx if he passes
> the rcpt test, but - the mx starts callback to you if you pass...
[...]

Actually that's not the case. The callback is done with MAIL FROM:<>

Blu.
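
An added example, not code from the thread or from Exim: a Python sketch of the sender callback described in the messages above (probe the sender's MX with `MAIL FROM:<>` and `RCPT TO`, answer 550 if it refuses) and of the recipient call forward with cached results from the 2004-06-25 message. `CalloutVerifier`, `reply_for` and `FakeMX` are hypothetical names, the hosts and addresses are constructed, and the caller is assumed to pass in the mail hosts already resolved from MX records, in preference order.

```python
import contextlib
import smtplib
import time

ACCEPT, REJECT, DEFER = "accept", "reject", "defer"


def classify(host, code, text):
    """2xx means accept, 5xx means reject, anything else is a temporary failure."""
    text = text.decode("ascii", "replace") if isinstance(text, bytes) else text
    return {2: ACCEPT, 5: REJECT}.get(code // 100, DEFER), f"{host}: {code} {text}"


class CalloutVerifier:
    """Probe with HELO, MAIL FROM:<>, RCPT TO:<address>, QUIT; DATA is never sent."""

    def __init__(self, helo_name, connect=smtplib.SMTP, ttl=3600):
        self.helo_name = helo_name
        self.connect = connect  # smtplib.SMTP-compatible factory, swappable offline
        self.ttl = ttl          # cache lifetime in seconds (value assumed here)
        self.cache = {}         # address -> (verdict, detail, expiry)

    def ask(self, host, address):
        smtp = None
        try:
            smtp = self.connect(host, 25, timeout=15)
            code, text = smtp.helo(self.helo_name)
            if code // 100 == 2:
                # Null sender: a peer that runs callouts itself has nobody to call back.
                code, text = smtp.mail("")
            if code // 100 == 2:
                code, text = smtp.rcpt(address)
            return classify(host, code, text)
        except smtplib.SMTPResponseException as exc:  # e.g. a 554 greeting
            return classify(host, exc.smtp_code, exc.smtp_error)
        except OSError as exc:  # refused, timed out, dropped mid-dialogue
            return DEFER, f"{host}: unreachable ({exc})"
        finally:
            if smtp is not None:
                with contextlib.suppress(OSError):
                    smtp.quit()

    def verify(self, address, hosts):
        """Callout: sender and its MXes. Call forward: recipient and the next hop."""
        hit = self.cache.get(address)
        if hit and hit[2] > time.monotonic():
            return hit[0], hit[1]
        verdict, detail = DEFER, "no host to ask"
        for host in hosts:
            verdict, detail = self.ask(host, address)
            if verdict != DEFER:
                break  # definite answer, no need to try the next host
        if verdict != DEFER:  # temporary failures are retried later, never cached
            self.cache[address] = (verdict, detail, time.monotonic() + self.ttl)
        return verdict, detail


def reply_for(verdict, address):
    """Reply given to our own client; the remote text goes to the log, not the wire."""
    if verdict == ACCEPT:
        return "250 OK"
    if verdict == REJECT:
        return f"550 <{address}> is refused by the mail host responsible for it"
    return f"451 <{address}> could not be verified right now, try again later"


class FakeMX:
    """Constructed stand-in for smtplib.SMTP so the example runs without a network."""
    rcpt_codes = {"mx.good.example": {"alice@good.example": 250},
                  "mx.blocking.example": {},  # answers 550 to every RCPT from us
                  "mx.grey.example": {"bob@grey.example": 451}}
    seen = []  # (host, command) pairs that went over the fake wire

    def __init__(self, host, port, timeout=None):
        if host not in self.rcpt_codes:
            raise OSError("connection refused")
        self.host = host

    def helo(self, name):
        return 250, b"hello"

    def mail(self, sender):
        FakeMX.seen.append((self.host, f"MAIL FROM:<{sender}>"))
        return 250, b"sender ok"

    def rcpt(self, address):
        code = self.rcpt_codes[self.host].get(address, 550)
        return code, b"ok" if code == 250 else b"not accepted"

    def quit(self):
        return 221, b"bye"


if __name__ == "__main__":
    v = CalloutVerifier("mail.mine.example", connect=FakeMX)
    for addr, host in [("alice@good.example", "mx.good.example"),
                       ("dave@blocking.example", "mx.blocking.example")]:
        print(reply_for(v.verify(addr, ["mx.down.example", host])[0], addr))
```

A 4xx answer or an unreachable host yields a 451 and is not cached, so a greylisting or briefly offline MX does not turn into a permanent rejection.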




