On 24/05/2013 02:24, Kristian Duus Østergaard wrote: > Hi, > > My smtp server is currently using identlookup and I think it is one reason > that > I don't receive a ton of Spam. > > Unfortunately some of my users receive mails from a domain that has a very > short > timeout and drops identlookups at the firewall, instead of rejecting them. > This > results in no mails coming through to my users from the domain in question and > me getting asked how many other domains does this happen from. My own > approximate count indicates that only 1.6% of the failing connections are from > legit servers. > > So my questions are really : > What is your experience with identlookups ? > Should I stop using it on my server and risk more Spam ? > When you discover a problem with a server what do you do ? > Do any of you have automated scripts to inform the postmaster in the other > end that you do have a server and it actually can respond ? > Does courier have any filtering function for this very special scenario ? > > Sorry for the long rant.. > > Regards > Kristian Duus Østergaard
Hi all, I know that Courier lets you set server-specific options, as well as domain specific. Is it possible currently, or would it be possible to implement, this for the {no,}identlookup option? This would allow you to more easily work-around this broken server by telling Courier to use identlookups by default, but not for connections from this host. I have turned identlookup off on my server, but I use the greylisting module from PythonFilter. As the server is only used by myself, the initial delay of 5+ minutes is worth virtually no spam. Email was never designed as a time-critical service, and should NEVER be treated as such. But that's another discussion for another day. The better solution to your problem, Kristian, is definitely to (attempt to) contact the broken server's admin to advise them of this issue. But postmaster@ or admin@ might not be set as valid destinations, or not delivered to a mailbox which is read on a regular/routine basis. You could also put a firewall rule in which REJECTs the identlookup packets sent from your email server toward theirs. This would work-around the impatience as well. Good luck. Cheers, Tim Lyth ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users