[CentOS] Kind of OT: internal imap server
Andy Green
andy at warmcat.com
Fri Aug 25 17:52:13 UTC 2006

Les Mikesell wrote:
>> If you are handling relatively low volumes of mail, say the low tens of
>> thousands a day, and "mail guy" is not a shout you respond to, then I
>> strongly recommend not becoming a white-coated acolyte to these and to
>> make the smaller brain-investment needed to get Postfix working great.
>
> Unfortunately the amount of real mail you intend to handle doesn't
> relate much to what can happen when you plug into the internet.

Hm well I run my own MX that is "on the Internet" and have done for a
couple of years or more, and I do it with Postfix on a residential cable
modem. I have never had these spamfloods. Every day my daily logs for
this and other machines show one or more attempts to relay which fail
during SMTP time, so they go somewhere else. Often the recipient on the
relaying attempt is undeliverable, they're just interested if you'll
take it. I guess if you take their probes, then you get the Zombie army
hammering at the door.

If you set your MTA (whatever it is) up with

 - reject unknown usernames (much virus mail and a fair amount of spam:
   gone)
 - reduce the stock usernames in /etc/aliases, keep the RFC ones
 - greylist one way or another (10 mins seems to work fine)
 - reject non-FQDN HELO
 - optionally reject "unknown" HELOs, i.e., alleged mailservers that lack
   reverse DNS

you will knock out the vast bulk of your enemies before you spend any
real CPU or bandwidth on them. So far I did not need to look at the
next step, doing a fake DNS lookup on one of the realtime blackhole lists.

Because all of these operate at SMTP transaction time the problems you
point out don't result in dodgy bounces that are sent to the alleged
From guy. Anything that can't be talked out of sending dodgy bounces
to the alleged From guy would indeed be evil.

> That's not the worst part of the license. The real problem is that
> qmail as written has several logical flaws, the above-mentioned
> being the most obvious, and the license states that no one is
> allowed to distribute modified versions so it can't be fixed
> without completely replacing components.

he he what a nonsense license. It's up there with Creative Commons
Non-commercial stopping radio stations playing liberally licensed music
as needing a shooting yourself in the foot award.

-Andy
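
The SMTP-time checks listed in the message above, modelled as a decision function in the style of a Postfix policy-delegation service. This is an added example, not part of the original post and not Postfix's own code. The function names, the recipient list and the sample request are constructed for illustration; the request attributes and the REJECT / DEFER_IF_PERMIT / DUNNO actions are the ones Postfix's policy protocol uses.

```python
import time

GREYLIST_DELAY = 600  # seconds; the 10 minutes the post reports working fine
# Constructed mailbox list: real users plus the RFC role accounts kept in aliases.
VALID_RECIPIENTS = {"postmaster@example.org", "abuse@example.org", "andy@example.org"}

# Constructed policy-delegation request, in the name=value form Postfix sends.
SAMPLE = """request=smtpd_access_policy
protocol_state=RCPT
helo_name=mail.example.net
client_address=192.0.2.10
client_name=mail.example.net
sender=alice@example.net
recipient=andy@example.org
"""

def parse_request(text):
    """Turn the name=value lines of one request into a dict."""
    return dict(l.split("=", 1) for l in text.strip().splitlines() if "=" in l)

def is_fqdn(name):
    """True for a dotted hostname; bare names and address literals fail."""
    labels = name.rstrip(".").split(".")
    return (len(labels) >= 2 and not labels[-1].isdigit()
            and all(l and l.replace("-", "").isalnum() for l in labels))

def decide(req, seen, now=None, reject_unknown_client=True):
    """Return the access action for one RCPT TO; seen maps triplet -> first-seen time."""
    now = time.time() if now is None else now
    rcpt = req.get("recipient", "").lower()
    if rcpt not in VALID_RECIPIENTS:
        return "REJECT unknown user"
    if not is_fqdn(req.get("helo_name", "")):
        return "REJECT HELO must be a fully qualified hostname"
    # Postfix reports client_name=unknown when the reverse lookup fails.
    if reject_unknown_client and req.get("client_name", "unknown") == "unknown":
        return "REJECT client has no reverse DNS"
    triplet = (req.get("client_address"), req.get("sender", "").lower(), rcpt)
    first = seen.setdefault(triplet, now)  # remember the first attempt
    if now - first < GREYLIST_DELAY:
        return "DEFER_IF_PERMIT greylisted, retry later"
    return "DUNNO"  # no objection; later restrictions still apply

if __name__ == "__main__":
    seen, req = {}, parse_request(SAMPLE)
    for t in (0, 300, 600):
        print(t, decide(req, seen, now=t))
```

Every outcome here is a reply given inside the SMTP session, so a refused message is never accepted and no bounce is generated to the claimed sender.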