In my experience SPF isn't deployed widely enough to be a reliable technology on its own for identifying spam. There are just too many ISPs out there running mail servers, and sending legitimate email, that don't identify in SPF. You'll get many false positives.
Although I'm not using courier-mta instead of postfix, I'm using blacklists with very good results on FMP's small commercial mail server. The lion's share of blocking is done based on the Composite Blocking List. See <http://cbl.abuseat.org/>, although I have several others in the mix. Courier doesn't mess with an inbound SMTP connection attempt if it identifies in a BL, but simply rejects the connection out front with an error, which should cause the sending system to issue a DSN in the case of falsely identified spam - of which I see extremely little. I expect postfix works in a similar way. This delays the connection somewhat, but you don't end up with dozens of spam-bots tying up your SMTP server because they fail to properly disconnect when they are told they're trying to send to a nonexistent mailbox. On Fri, 2007-11-30 at 11:34 +0000, Kerin Millar wrote: > On 30/11/2007, Arturo 'Buanzo' Busleiman <[EMAIL PROTECTED]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA512 > > > > Randy Barlow wrote: > > > I am getting a huge number of connections to my mail server (postfix) > > > compared to usual. I've seen as many as 50 connections open at one > > > time. The logs show that the connections are from several computers of > > > varying IPs, and they are all trying to send mail to random mailboxes on > > > my domain. It's very annoying, and I have noticed that inbound mail > > > seems to be lagging by several hours. Is there something similar to > > > denyhosts for spammers? Any other suggestions? > > > > Check those IPs against: www.robtex.com/rbl > > Choose your favorite blacklists (test them, some of them provide too many > > false positives) and > > implement with them DNSBL/RBL in your postfix. Also, SPF and greylisting > > make a good job. > > Regarding SPF, I'd just like to add that the SPF policy daemons (which > can be integrated into postfix very easily) are available at > http://www.openspf.org/Software. There are implementations in perl and > python and, as luck would have it, the python version is available in > portage as mail-filter/pypolicyd-spf. If you choose to endorse SPF > then don't forget to define records for one's own domains! A helpful > document describing SPF syntax can be found here: > http://www.openspf.org/SPF_Record_Syntax. > > Regards, > > --Kerin -- [EMAIL PROTECTED] mailing list
