[CentOS] postfix tightening

Sat Apr 2 08:02:14 UTC 2005
Craig White <craigwhite at azapple.com>

On Fri, 2005-04-01 at 21:35 -0600, Mark A. Lewis wrote:

> So, here is the problem.
> Lets say that Acme Widget has their mail hosted with Hostco. Acme Widget
> would rather not have mail.hostco.com in the mail headers for whatever
> reason. So, hostco doesn't setup a ptr record for it. This does not make
> Acme Widget or Hostco any more likely to be spammers, it just makes you
> more likely to drop their mail.
if they have the 'vanity' to want the mail server to have the smtp
server that they use actually tag mail with their domain, they should be
prepared to pay for the privilege.
> Now, the other side of that...
> Foospam wants to send out 87 bazillion mail messages to everyone about
> fooagra. So, they set their mail server to helo with fooco.com and set
> the ptr record to be mail.fooco.com and they just danced right by all of
> this with very minimal effort. For that matter, you can use whatever ptr
> your ISP sets up for you.
but you know and I know that they are gonna show up on RBL lists if they
> The whole accountablity thing is a fallacy. I can buy a domain right now
> for $8, put whatever I want in the whois info and just use that for the
> ptr record part, it could be a throwaway domain for all I care. At the
> end of the day, it bought the person reciving the spam nothing.
up to the point that they still need an smtp server whose ip address
resolves via dns.
> Reverse DNS or not, you can see what IP the mail came from, you can tell
> who is the owner of that IP and they can find out what user has that IP.
> The problem is that most of them are simply unwilling to do so, they
> ignore mail to the abuse address or just give you a canned answer.
this is a separate problem - some are responsive and concerned about
what happens on their ip space and bandwidth
> My point is that relying on this only makes you more likely to drop
> legit mail and poses no problem to the spammers.
every thing that you do to reduce spam makes you more likely to drop
legit mail - that of course is the challenge facing us now.

I think that this very much poses problems for spammers - so does RBL's
and greylisting - of course, combatting spam tends to be done like
security, in layers and if you have a layer that picks off a percentage
of emails, it all contributes to the benefit. This is but one tool at
your disposal. Like using RBL's, this is not perfect.

Let's not forget that a large amount of spam is being spewed by
compromised systems on dynamic broadband ip space and stopping this is a
good thing.