On 24/05/2013 02:24, Kristian Duus Østergaard wrote:
> Hi,
>
> My smtp server is currently using identlookup and I think it is one reason
> that
> I don't receive a ton of Spam.
>
> Unfortunately some of my users receive mails from a domain that has a very
> short
> timeout and drops identlookups at the firewall, instead of rejecting them.
> This
> results in no mails coming through to my users from the domain in question and
> me getting asked how many other domains does this happen from. My own
> approximate count indicates that only 1.6% of the failing connections are from
> legit servers.
>
> So my questions are really :
> What is your experience with identlookups ?
> Should I stop using it on my server and risk more Spam ?
> When you discover a problem with a server what do you do ?
> Do any of you have automated scripts to inform the postmaster in the other
> end that you do have a server and it actually can respond ?
> Does courier have any filtering function for this very special scenario ?
>
> Sorry for the long rant..
>
> Regards
> Kristian Duus Østergaard
Hi all,
I know that Courier lets you set server-specific options, as well as
domain specific.
Is it possible currently, or would it be possible to implement, this for
the {no,}identlookup option?
This would allow you to more easily work-around this broken server by
telling Courier to use identlookups by default, but not for connections
from this host.
I have turned identlookup off on my server, but I use the greylisting
module from PythonFilter.
As the server is only used by myself, the initial delay of 5+ minutes is
worth virtually no spam.
Email was never designed as a time-critical service, and should NEVER be
treated as such. But that's another discussion for another day.
The better solution to your problem, Kristian, is definitely to (attempt
to) contact the broken server's admin to advise them of this issue. But
postmaster@ or admin@ might not be set as valid destinations, or not
delivered to a mailbox which is read on a regular/routine basis.
You could also put a firewall rule in which REJECTs the identlookup
packets sent from your email server toward theirs. This would
work-around the impatience as well.
Good luck.
Cheers,
Tim Lyth
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
