On 03/16/2013 06:36 AM, Matus UHLAR - fantomas wrote:
> On 16.03.13 10:02, Lorenzo Pistone wrote:
>> Before asking for help I tried that, but it didn't work so I assumed
>> that it wasn't really related. Now I tried again, still does'nt work.
>> I first stop all the courier services, then I add the following line to
>> /etc/courier/smtpaccess/default
>> xxx.xxx.xxx.xxx deny
>
> I recommend you using
>
> xxx.xxx.xxx.xxx allow,BLOCK="spam refused"
>
> ... btw, this is what DNS blacklist are for.
>
Rarely see anyone posting their blacklists:-) but...
from from my own /etc/courier/esmtpd (anyone is welcome to offer
corrections as some blocklists vanish over time, but currently ~95% of
connection attempts are rejected, and spam rate on my own 16 year old
"three letter domain and unchanged email address" in combo with
spamassassin is < 5 per week).
No wonder the younger generation don't like email, as the ratio of spam
to valid email is terrible, and thus eliminates the usefulness of it.
Currently I encounter no significant load on a 4 processor 8gig machine
with roughly 3Tbytes of maildir storage.
Good spamassassin hygiene (adding razor and dcc work well) is important
too, just follow the recipe on their website, and alternatives do exist.
I easily beat any of the big email providers, pricey appliances, et al,
and haven't received more than one or two an "incoming email gets
bounced" complaint from my users or contacts elsewhere in past few
years. Those complaints have all come from residential ISPs who do not
keep clean smtp senders, or like yah??.com, don't comply with RFC's.
Yes, I'm fairly lazy about updates, primarily because it works well!
BLACKLISTS="-block=sbl-zen.spamhaus.org,BLOCK \
-block=multi.surbl.org,BLOCK,127.0.0.2 \
-block=multi.surbl.org,BLOCK,127.0.0.4 \
-block=multi.surbl.org,BLOCK,127.0.0.8 \
-block=multi.surbl.org,BLOCK,127.0.0.16 \
-block=multi.surbl.org,BLOCK,127.0.0.32 \
-block=multi.surbl.org,BLOCK,127.0.0.64 \
-block=dnsbl.njabl.org,BLOCK,127.0.0.2 \
-block=dnsbl.njabl.org,BLOCK,127.0.0.3 \
-block=dnsbl.njabl.org,BLOCK,127.0.0.6 \
-block=cbl.abuseat.org,BLOCK \
-block=blackholes.five-ten-sg.com,BLOCK,127.0.0.2 \
-block=blackholes.five-ten-sg.com,BLOCK,127.0.0.3 \
-block=psbl.surriel.com,BLOCK,127.0.0.2 \
-block=dnsbl.njabl.org,BLOCK,127.0.0.8"
Hope this may be of some help. I also set the following variables in
same file as so:
BOFHCHECKDNS=1
BOFHNOEXPN=1
BOFHNOVRFY=1
TCPDOPTS="-stderrlogger=/usr/sbin/courierlogger -noidentlookup"
Note that in TCPDOPTS, I do NOT set "-nodnslookup" as my setting
lengthens connection before HELO time to just over 30 seconds. Vast
majority of bots from all those infected PC's give up at <30 seconds.
works wonders actually......
I DO have my users set smtp outbound on their clients to port 587, which
both requires authentication, and avoids the resulting 30 second
connection delay.
Summary: almost zero time is required to maintain this aspect of a
mailserver, mine handling numerous domains with tens of thousands of
good emails per day.
Good luck,
andy
------------------------------------------------------------------------------
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
