Hi Sándor,

On Friday 26 May 2006 19:40, Gordon Messmer wrote:
> As practical advice, I recommend against doing so. By doing so, you're
> solving the wrong problem. If your mail filter is accepting mail
> without validating the recipients, and passing it on to courier, you can
> bet that you're going to generate a *ton* of backscatter. Now, first,
> the problem is going to be that you're going to bounce a whole lot of
> mail to people who didn't send it, but whose address was hijacked by
> spammers. Eventually, the problem is going to hit you, too. The mail
> queue on the firewall is going to fill with tens of thousands of
> messages that can't be delivered, because the recipient address is
> invalid, and can't be bounced, because the source address is invalid,
> too. Once that happens, valid deliveries are going to start taking a
> very long time, again.
>
> Really, you want your "firewall" to validate recipient addresses.

If you need a second opinion on this: I can only strongly second Gordon's advice.

About 1 year my primary MX for ~300 domains ran qmail without any patches. QMail in its standard distribution is not capable of rejecting mails on SMTP-Level. It first accepts any mail, and then checks if the email-address is valid, and if not, a Non-Delivery-Notification is generated. I was swamped with backscatter and the server was more busy trying to deliver the Non-Delivery-Notifications than delivering legit mails. There were almost always 1000+ mails in my queue, most of them backscatter.

Then I switched to courier with mail rejection on SMTP-Level. To give you some figures: the average number of mails in the queue is now ~50. And if you're paying for your traffic by volume you'll be interested in the fact that I was able to cut my mail-traffic down to 1/10th after I switched to courier. With QMail I had about 300GB per month, with courier I have a mere 30GB per month.

The bottom line being: maybe you should consider setting up a courier server that knows all valid e-mail-addresses in a DMZ and then forwards any _valid_ e-mail through via the firewall to a courier server behind the firewall. Otherwise you could try to turn off the SMTP-proxy in your firewall and do a straight port forwarding letting the courier server behind your firewall handle all the SMTP-traffic (though for security reasons I'd strongly suggest setting up the DMZ).

HTH and I didn't bore you :)

-- 
Regards,
Arno.
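
Added example, not part of the original message or of Courier/qmail: a simplified SMTP envelope exchange in Python that contrasts accepting every recipient and bouncing later with rejecting unknown recipients at RCPT time. The addresses, the VALID list and the smtp_session function are constructed for illustration.

```python
import re

VALID = {"alice@example.org", "bob@example.org"}  # assumed recipient list
SPAM_RUN = [  # constructed: forged sender, guessed recipients
    "MAIL FROM:<victim@forged.example>",
    "RCPT TO:<alice@example.org>",
    "RCPT TO:<aaron@example.org>",
    "RCPT TO:<abby@example.org>",
    "DATA",
]

def smtp_session(commands, validate_rcpt):
    """Simplified envelope exchange (message body omitted).
    Returns (replies, queue); queue holds (kind, env_from, env_to)."""
    replies, queue, sender, rcpts = [], [], None, []
    for line in commands:
        m = re.match(r"(MAIL FROM|RCPT TO):<([^>]*)>$", line, re.I)
        if m and m.group(1).upper() == "MAIL FROM":
            sender, rcpts = m.group(2).lower(), []
            replies.append("250 ok")
        elif m and sender is None:
            replies.append("503 MAIL first")
        elif m:
            rcpt = m.group(2).lower()
            if validate_rcpt and rcpt not in VALID:
                # Refused in-session: the connecting client keeps the failure.
                replies.append("550 unknown recipient")
            else:
                rcpts.append(rcpt)
                replies.append("250 ok")
        elif line.upper() == "DATA" and rcpts:
            replies.append("250 queued")
            for rcpt in rcpts:
                if rcpt in VALID:
                    queue.append(("deliver", sender, rcpt))
                elif sender:  # never bounce to the null sender <>
                    # Accepted first, checked later: the non-delivery notice
                    # goes to the envelope sender, forged or not.
                    queue.append(("bounce", "", sender))
            sender, rcpts = None, []
        else:
            replies.append("503 bad sequence or unknown command")
    return replies, queue

if __name__ == "__main__":
    for mode in (False, True):
        replies, queue = smtp_session(SPAM_RUN, validate_rcpt=mode)
        print("validate_rcpt =", mode, replies, queue)
```

With validate_rcpt=False the one spam message leaves one delivery and two bounces addressed to the forged sender on the queue; with validate_rcpt=True only the delivery is queued and the two bad recipients get a 550 in the session.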
