[CentOS] Kind of OT: internal imap server

Les Mikesell lesmikesell at gmail.com
Fri Aug 25 18:34:26 UTC 2006


On Fri, 2006-08-25 at 18:52 +0100, Andy Green wrote:

> > Unfortunately the amount of real mail you intend to handle doesn't
> > relate much to what can happen when you plug into the internet.
> 
> Hm well I run my own MX that is "on the Internet" and have done for a 
> couple of years or more, and I do it with Postfix on a residential cable 
> modem.  I have never had these spamfloods.  Every day my daily logs for 
> this and other machines show one or more attempts to relay which fail 
> during SMTP time, so they go somewhere else. 

Do you want some?  My maillog shows 625856 rejects in the last 5 days.
We have had some employee turnover so some are to previously valid
addresses, but most are to things like seg04_831 at domain and 
segark862 at domain, and so on.

>  Often the recipient on the 
> relaying attempt is undeliverable, they're just interested if you'll 
> take it.  I guess if you take their probes, then you get the Zombie army 
> hammering at the door.

Yes, I suppose this is still a lingering after effect of long ago
having a qmail box answering for that domain (it was an appliance-like
SME server - I wouldn't have set one up like that otherwise...). But
they've been getting rejected at that rate for a couple of years now
and still coming.

> If you set your MTA (whatever it is) up with
> 
>   - reject unknown usernames (much virus mail and a fair amount of spam: 
> gone)

The difficulty here is that my internet-reachable relays don't actually
have any users. 

> Because all of these operate at SMTP transaction time the problems you 
> point out don't result in dodgy bounces that are sent to the alleged 
> From guy. 

MimeDefang allows checking for valid addresses at the delivery host
during the SMTP transaction before accepting at the relay.  I know there
are ways to propagate all of your usernames and aliases in LDAP or other
network database form so other MTAs could have the same functionality,
but MimeDefang lets you use the real thing in real time without setting
up other copies.

-- 
   Les Mikesell
     lesmikesell at gmail.com
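
Added example, not part of the original message and not MIMEDefang's own code: a Python sketch of the check described above, where a relay with no local users asks the delivery host about each recipient during the SMTP transaction and only accepts what the delivery host would accept. The function names, host names and the choice to tempfail on anything other than a permanent RCPT refusal are assumptions made for illustration.

```python
import smtplib

def classify(stage, code):
    """Map a delivery-host reply to the relay's answer for this RCPT TO."""
    if 200 <= code < 300:
        return "CONTINUE"
    # Only a permanent failure on RCPT means "no such user". A 4xx, or a
    # refusal at HELO/MAIL, says nothing about the recipient (assumption:
    # tempfail so the sending MTA retries instead of the relay bouncing).
    if stage == "RCPT" and 500 <= code < 600:
        return "REJECT"
    return "TEMPFAIL"

def verify_recipient(sender, recipient, backend, helo_name,
                     port=25, timeout=10, smtp_factory=smtplib.SMTP):
    """Probe `backend` with HELO/MAIL/RCPT. DATA is never sent, so nothing
    is delivered. Returns (action, text) for the relay to answer with."""
    try:
        conn = smtp_factory(backend, port, timeout=timeout)
    except OSError as exc:  # smtplib.SMTPException is a subclass of OSError
        return ("TEMPFAIL", f"cannot reach {backend}: {exc}")
    try:
        steps = (("HELO", lambda: conn.helo(helo_name)),
                 ("MAIL", lambda: conn.mail(sender)),
                 ("RCPT", lambda: conn.rcpt(recipient)))
        for stage, send in steps:
            code, text = send()
            action = classify(stage, code)
            if action != "CONTINUE":
                detail = text.decode(errors="replace")
                return (action, f"{stage} {code} {detail}")
        return ("CONTINUE", "recipient accepted by delivery host")
    except OSError as exc:
        return ("TEMPFAIL", f"verification aborted: {exc}")
    finally:
        try:
            conn.quit()
        except OSError:
            conn.close()

if __name__ == "__main__":
    # Constructed sample values; replace with a real relay and delivery host.
    print(verify_recipient("sender@example.org", "seg04_831@example.com",
                           "mail.internal.example", "relay.example.com"))
```

Because the relay answers the sender's RCPT TO with the returned action, an unknown address is refused during the SMTP transaction and the relay never has to generate a bounce to a forged sender.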





