
Re: Networking -- use of two Internet connections for one server with round robin DNS -- web okay, but should I do mail this way too?



Stan Hoeppner <stan@hardwarefreak.com> writes:

> On 7/10/2011 7:26 AM, lee wrote:
>> Stan Hoeppner <stan@hardwarefreak.com> writes:
>> 
>>> On 7/9/2011 12:00 PM, lee wrote:
>>>
>>> Just checking for the existence of rDNS is no longer sufficiently
>>> effective against bot spam from infected residential hosts.  This is
>>> because many/most? ISPs have rDNS for most of their IP addresses,
>>> whether dynamic or static.
>> 
>> Well, most rejects are because the HELO checks fail.  There are only a
>> very few that fail because of the rDNS check.  There isn't much SPAM
>> getting through; I'm getting less than one message per day.
>
> If your EHLO check is first it would make sense that it will reject more
> than the rDNS check.  Reverse the order and you may see that metric
> reversed.  It's good to hear you're not seeing much with your setup.
> I'd guess you have low mail flow on that host.

Yes, the HELO checks are first.  It seems to make sense that way.

What do you consider low mail flow?

>>> http://www.hardwarefreak.com/fqrdns.pcre
>
> I take it you are really new to managing a mail server.  dnsbls have
> been around forever, and every mail OP uses one or another, if not 5 or
> more.

That they have been around for a long time doesn't mean that I have to like
them or to have others decide what mail to accept or not to accept.

> Have you heard of SpamAssassin?  Both restrictions make
> reject/keep decisions for you.  Using this PCRE table is no different in
> that regard.

Spamassassin seems to be doing a good job; I don't know about your
table.  Both ways of filtering make decisions for me --- that's the
idea.

>>> This Postfix PCRE table consists of 1600+ rDNS patterns of residential
>>> broadband/SOHO ISPs around the world, and is extremely effective at
>>> killing bot spam, while putting very little load on your server.
>> 
>> Sounds like it must have taken quite some work to put the list together,
>> and it would need to be maintained.  
>
> The table was built over a relatively long period of time, and does take
> a small amount of time to maintain.  ISPs don't add new residential rDNS
> patterns very often.  When we spot a new one a regex is created to match
> it.  Changes average about one add every 1 to 2 months.

Hm, that's a pretty low rate.

>> Won't graylisting work as well?
>
> I see that indeed you are new.  Greylisting will usually defeat bot spam
> as bots never retry.  The problem is the delivery delay introduced
> (minutes to hours).  This doesn't work for those ordering last minute
> air fare and need to print their boarding pass.  With greylisting that
> boarding pass email may arrive an hour later.  Greylisting also sucks
> system resources due to the triplet database.

Since when can anyone take a given delivery time of emails for granted?
I can see people being stupid enough to do that, though.  The delay with
graylisting remains a disadvantage.

> The fqrdns.pcre table gives most of the "catch" performance of
> greylisting without the downsides.

I can see why you like it.  How do you make sure that mail you want to
receive isn't rejected when using the table?


-- 
html messages are obsolete
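
An added example, not part of the original message and not the fqrdns.pcre table itself: one way to check a PCRE-style rDNS table against the reverse names of senders whose mail is wanted, before the table is put into service. The patterns and hostnames are constructed, the function names are hypothetical, and Python's `re` only approximates Postfix's PCRE matching.

```python
import re

# Constructed table in pcre_table(5) syntax; NOT the contents of fqrdns.pcre.
SAMPLE_TABLE = r"""
# exception first: the first matching line wins
/^mail\.smallbiz\.dsl\.isp\.example$/                      DUNNO
/^[a-z0-9-]*\d+[-.]\d+[-.]\d+[-.]\d+\.dsl\.isp\.example$/  REJECT generic residential rDNS
/\.(dyn|dhcp|pool)\.broadband\.example$/                   REJECT generic residential rDNS
"""

# Constructed rDNS names of senders whose mail is wanted.
WANTED = ["mail.smallbiz.dsl.isp.example", "mx1.partner.example",
          "host7.pool.broadband.example"]

# Only plain "/pattern/flags action" lines are handled: no if/endif, negation
# or continuation lines, and flags other than "i" are ignored.
LINE = re.compile(r"^/((?:\\.|[^/\\])*)/([A-Za-z]*)\s+(.+)$")

def load_table(text):
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unsupported table line: {line!r}")
        pattern, flags, action = m.groups()
        # pcre_table(5) matches case-insensitively by default; "i" toggles that off.
        rules.append((re.compile(pattern, 0 if "i" in flags else re.IGNORECASE), action))
    return rules

def lookup(rules, hostname):
    """Return the action of the first matching rule, or None if nothing matches."""
    for rx, action in rules:
        if rx.search(hostname):
            return action
    return None

def false_positives(rules, wanted_hosts):
    """Map each wanted host that the table would reject to the matching action."""
    hits = {}
    for host in wanted_hosts:
        action = lookup(rules, host)
        if action and action.upper().startswith("REJECT"):
            hits[host] = action
    return hits

if __name__ == "__main__":
    for host, action in false_positives(load_table(SAMPLE_TABLE), WANTED).items():
        print(f"would reject wanted sender {host}: {action}")
```

On a running Postfix system, `postmap -q <hostname> pcre:<table file>` performs the same lookup with Postfix's own matcher.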

