Eric d'Alibut wrote:
> I've been mulling over the recent (helpful!) threads on anti-spam
> measures. In Chris Hardie's gmail anti-Spam How-to (helpful!),
>
> http://www.chrishardie.com/tech/qmail/qmail-antispam.htm
>
> there is mention of this /etc/hosts.allow technique:
>
> ALL : PARANOID : RFC931 20 : deny
>
> In a little testing I have found at least one major email provider who
> doesn't seem to be able to deliver past this test. Is this unusual? Or
> is this test too stringent for most uses?

first off, you mis-pasted the URL, the correct URL has a .html
extension, not .htm:

http://www.chrishardie.com/tech/qmail/qmail-antispam.html

second, it points out a method of rejecting hosts with improper reverse
DNS that involves scripting in the run script. This is unnecessary.
tcpserver and rblsmtpd can do this for you:

    =:allow
    :allow,RBLSMTPD="bad reverse dns"

(so you don't need that screwy echo (which might cause problems with
some legitimate MTA software) or the rhost-check program.)

and third:
there is an rblsmtpd invocation with no arguments other than
qmail-smtpd. This is flawed. The default action if no rbl providers
are specified is to use an rbl list that is no longer available.
Attempting to use this will cause massive delays before the SMTP
greeting shows up, and will block absolutely no connections whatsoever.

oh, and fourth ;) It references relays.ordb.org which is now,
unfortunately, defunct, as of 12/18/2006.

anywho, to address your overall question:
I have enabled such blocking in the past and found that it blocked too
much legitimate mail. I actually blacked out one of the mailing lists I
frequented at the time and didn't notice it for several days (I had been
wondering why the list was so quiet!). Sure, it may have blocked *some*
spam, but it's such a trivial hurdle for a spammer to overcome that
really it's not worth it if you ask me. Note, however, that I *do* have
paranoid mode enabled on my tcpserver, but that's simply because I have
some reverse dns based rules in my tcprules file and I need to make sure
nobody is trying to spoof them :)
-Jeremy
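
An added illustration, not part of the original message and not code from ucspi-tcp or qmail: a small Python model of how tcpserver's paranoid option and the two tcprules lines quoted in the reply decide whether rblsmtpd turns a client away. The DNS tables, addresses, host names and function names are constructed for the example.

```python
# Added example: models tcpserver -p plus the two tcprules lines from the reply.
# All names and addresses are constructed (RFC 5737 ranges, example.* names).

PTR = {  # constructed reverse DNS: ip -> name
    "192.0.2.10": "mail.example.org",
    "192.0.2.66": "mx.trusted.example",  # PTR claims a name it does not own
}
A = {    # constructed forward DNS: name -> addresses
    "mail.example.org": ["192.0.2.10"],
    "mx.trusted.example": ["198.51.100.5"],
}

def remote_host(ip, paranoid=True):
    """Value tcpserver would export as $TCPREMOTEHOST, or None if unset."""
    name = PTR.get(ip)
    if name is None:
        return None                      # no PTR record at all
    if paranoid and ip not in A.get(name, []):
        return None                      # -p: forward lookup does not confirm the name
    return name

RULES = {                                # the two rules from the message
    "=": {"action": "allow", "env": {}},
    "":  {"action": "allow", "env": {"RBLSMTPD": "bad reverse dns"}},
}

def match_rule(host):
    """Only the last two tcprules fallbacks exist here: '=' (host set), then ''."""
    return RULES["="] if host is not None else RULES[""]

def rblsmtpd_reply(env):
    """Reply rblsmtpd sends because of $RBLSMTPD, or None if the variable
    does not cause a block (unset or empty)."""
    msg = env.get("RBLSMTPD")
    if not msg:
        return None
    if msg.startswith("-"):
        return "553 " + msg[1:]          # leading hyphen: permanent error
    return "451 " + msg                  # default: temporary error

def handle(ip, paranoid=True):
    """Return ($TCPREMOTEHOST or None, SMTP rejection or None) for a client."""
    host = remote_host(ip, paranoid)
    return host, rblsmtpd_reply(match_rule(host)["env"])
```

With `paranoid=False` the client at 192.0.2.66 keeps its unconfirmed host name and matches the `=` rule, which is the spoofing case the paranoid option closes for host-name-based rules.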