On 05/23/2013 12:24 PM, Kristian Duus Østergaard wrote: > Hi, > > My smtp server is currently using identlookup and I think it is one reason > that > I don't receive a ton of Spam. > > Unfortunately some of my users receive mails from a domain that has a very > short > timeout and drops identlookups at the firewall, instead of rejecting them. > This > results in no mails coming through to my users from the domain in question and > me getting asked how many other domains does this happen from. My own > approximate count indicates that only 1.6% of the failing connections are from > legit servers. > > So my questions are really : > What is your experience with identlookups ? > Should I stop using it on my server and risk more Spam ? > When you discover a problem with a server what do you do ? > Do any of you have automated scripts to inform the postmaster in the other > end that you do have a server and it actually can respond ? > Does courier have any filtering function for this very special scenario ? > > Sorry for the long rant.. > > Regards > Kristian Duus Østergaard
Consider it an effective orthogonal version of greylisting (which often causes other greater problems unfortunately)? Enabled, it typically tends to hold the inbound smtp connection open ~30 seconds before a "HELO" smtp conversation is allowed to begin. Turns out numerous virus/malware bots drop their tcp connection right at the 30 second mark. (yet another reason also why port 587 is a better choice for local relaying end user clients/senders such they do not experience the hold time, entirely a different issue though and not helpful to your experience) It's very effective in reducing spam in my system, testing with either setting a couple years ago the effective cut rate of 2/3 or more. In combo with good RBL selection, I see 90% of connection attempts dropped/rejected/etc, and still my users receive their good mail. My users complained more when it was disabled, and many have been shielded for so long against spam they don't understand why users of other systems complain about spam:-) It may be possible to manipulate your firewall to respond with a bogus lovel affirmative indent for just the domain name of the impatient MTA. Just a thought, but not terribly complicated depending upon what you front your servers with (even a simple ufw rule might do the trick?) Many variables in that idea only you might be able to decide if it's feasible or not. In the same respect, it would be nice to have a simple BGP feed to block various known "bad neighborhoods" out there on the Internet........ Good luck, andy ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
