Re: Networking -- use of two Internet connections for one server with round robin DNS -- web okay, but should I do mail this way too?
Stan Hoeppner <stan@hardwarefreak.com> writes:
> On 7/10/2011 7:26 AM, lee wrote:
>> Stan Hoeppner <stan@hardwarefreak.com> writes:
>>
>>> On 7/9/2011 12:00 PM, lee wrote:
>>>
>>> Just checking for the existence of rDNS is no longer sufficiently
>>> effective against bot spam from infected residential hosts. This is
>>> because many/most? ISPs have rDNS for most of their IP addresses,
>>> whether dynamic or static.
>>
>> Well, most rejects are because the HELO checks fail. There are only a
>> very few that fail because of the rDNS check. There isn't much SPAM
>> getting through; I'm getting less than one message per day.
>
> If your EHLO check is first it would make sense that it will reject more
> than the rDNS check. Reverse the order and you may see that metric
> reversed. It's good to hear you're not seeing much with your setup.
> I'd guess you have low mail flow on that host.
Yes, the HELO checks are first. It seems to make sense that way.
What do you consider low mail flow?
>>> http://www.hardwarefreak.com/fqrdns.pcre
>
> I take it you are really new to managing a mail server. dnsbls have
> been around forever, and every mail OP uses one or another, if not 5 or
> more.
That they are around for a long time doesn't mean that I have to like
them or to have others decide what mail to accept or not to accept.
> Have you heard of SpamAssassin? Both restrictions make
> reject/keep decisions for you. Using this PCRE table is no different in
> that regard.
Spamassassin seems to be doing a good job; I don't know about your
table. Both ways of filtering make decisions for me --- that's the
idea.
>>> This Postfix PCRE table consists of 1600+ rDNS patterns of residential
>>> broadband/SOHO ISPs around the world, and is extremely effective at
>>> killing bot spam, while putting very little load on your server.
>>
>> Sounds like it must have taken quite some work to put the list together,
>> and it would need to be maintained.
>
> The table was built over a relatively long period of time, and does take
> a small amount of time to maintain. ISPs don't add new residential rDNS
> patterns very often. When we spot a new one a regex is created to match
> it. Changes average about one add every 1 to 2 months.
Hm, that's a pretty low rate.
>> Won't graylisting work as well?
>
> I see that indeed you are new. Greylisting will usually defeat bot spam
> as bots never retry. The problem is the delivery delay introduced
> (minutes to hours). This doesn't work for those ordering last minute
> air fare and need to print their boarding pass. With greylisting that
> boarding pass email may arrive an hour later. Greylisting also sucks
> system resources due to the triplet database.
Since when can anyone take a given delivery time of emails for granted?
I can see people being stupid enough to do that, though. The delay with
graylisting remains a disadvantage.
> The fqrdns.pcre table gives most of the "catch" performance of
> greylisting without the downsides.
I can see why you like it. How do you make sure that mail you want to
receive isn't rejected when using the table?
--
html messages are obsolete
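Two points in the thread above lend themselves to a worked illustration: Stan's remark that whichever restriction is evaluated first claims the rejection (so swapping HELO and rDNS checks changes the per-check counts without changing what gets accepted), and lee's closing question about keeping wanted mail from being rejected by a residential-rDNS pattern table. The following Python is an added example, not code from this thread and not the fqrdns.pcre table; it simulates Postfix's first-match evaluation of an smtpd restriction list with constructed rDNS patterns, constructed client sessions, and an assumed whitelist map placed ahead of the pattern table (the usual Postfix approach of a check_client_access entry returning OK before the PCRE table is consulted).

```python
"""Simulate Postfix-style first-match restriction-list evaluation.

Added example for illustration only. The rDNS patterns, hostnames and
whitelist below are constructed; they are not entries from fqrdns.pcre.
"""
import re
from collections import Counter

# Constructed patterns in the spirit of a residential-broadband rDNS table.
RDNS_PATTERNS = [
    (re.compile(r"^(?:dsl|cable|dyn|dhcp|ppp)[-.][\w.-]*\.example\.net$"), "REJECT"),
    (re.compile(r"^\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}\.pool\.example-isp\.com$"), "REJECT"),
]

# Constructed whitelist: clients whose mail we want despite residential-looking rDNS.
# In Postfix this would be a check_client_access map with "OK" entries listed
# before the PCRE table in the restriction list.
CLIENT_WHITELIST = {"dsl-office.example.net"}


def check_client_whitelist(session):
    """OK for whitelisted rDNS names; DUNNO (no opinion) otherwise."""
    return "OK" if session["rdns"] in CLIENT_WHITELIST else "DUNNO"


def check_helo(session):
    """Approximates a non-FQDN / invalid HELO hostname check: needs a dotted name."""
    if not re.fullmatch(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", session["helo"]):
        return "REJECT"
    return "DUNNO"


def check_rdns_table(session):
    """First matching pattern in the constructed rDNS table decides."""
    for pattern, action in RDNS_PATTERNS:
        if pattern.match(session["rdns"]):
            return action
    return "DUNNO"


def evaluate(session, restrictions):
    """First restriction returning OK or REJECT wins; DUNNO falls through.

    Returns (result, name_of_deciding_restriction), mirroring how a mail log
    would attribute a rejection to one specific restriction.
    """
    for name, check in restrictions:
        result = check(session)
        if result != "DUNNO":
            return result, name
    return "OK", "default_permit"  # Postfix permits when nothing objects


def tally(sessions, restrictions):
    """Count accepted sessions and which restriction caused each rejection."""
    rejected_by = Counter()
    accepted = 0
    for session in sessions:
        result, name = evaluate(session, restrictions)
        if result == "REJECT":
            rejected_by[name] += 1
        else:
            accepted += 1
    return accepted, dict(rejected_by)


# Constructed SMTP client sessions: (reverse DNS name, HELO/EHLO argument).
SAMPLE_SESSIONS = [
    {"rdns": "dsl-12-34.example.net", "helo": "localhost"},
    {"rdns": "cable-99.example.net", "helo": "mail"},
    {"rdns": "1-2-3-4.pool.example-isp.com", "helo": "1-2-3-4.pool.example-isp.com"},
    {"rdns": "dsl-office.example.net", "helo": "mail.smallbiz.example"},
    {"rdns": "mx1.bigcorp.example", "helo": "mx1.bigcorp.example"},
    {"rdns": "dyn-5.example.net", "helo": "FRIEND"},
]

# Two orderings of the same checks; the whitelist sits first in both.
HELO_FIRST = [("whitelist", check_client_whitelist),
              ("helo", check_helo),
              ("rdns_table", check_rdns_table)]
RDNS_FIRST = [("whitelist", check_client_whitelist),
              ("rdns_table", check_rdns_table),
              ("helo", check_helo)]

if __name__ == "__main__":
    for label, order in (("HELO first", HELO_FIRST), ("rDNS first", RDNS_FIRST)):
        accepted, rejected = tally(SAMPLE_SESSIONS, order)
        print(f"{label}: accepted={accepted} rejected_by={rejected}")
```

With the constructed sessions both orderings accept the same two clients, but with the HELO check first three rejections are logged against it and one against the rDNS table, whereas with the table first all four are logged against the table: the per-check counts reflect evaluation order, not the relative strength of the checks. The whitelisted office client matches a residential pattern yet is accepted in both orderings because its OK entry is evaluated before the table.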