On Fri, Jan 11, 2013 at 09:27:23AM -0800, Duane Winner wrote: > Does anyone have any ideas on how to deal with this? [snip]
Amazon's cloud has been a prolific long-term source of spam and other forms of abuse (e.g., brute-force ssh attacks). Thus it's long since been a best practice to refuse all email from hosts in compute-1.amazonaws.com and compute.amazonaws.com subdomains, and no doubt unless serious efforts are made to address this, blocking of incoming SMTP connections from Amazon's cloud will eventually increase in both scope and coverage. Not that this is your fault, of course. But unless you can convince Amazon to take an active interest in controlling *outbound* abuse from their operation, there's little you can do about it. So my recommendation is to set up a VPN tunnel from your Mailman host to a (secure) SMTP relay outside their network space. (And of course outside other problematic network spaces; check Spamhaus and similar resources first.) Let the host inside Amazon do the heavy lifting of running Mailman and so on, let the one outside do the simple work of just relaying outbound traffic. OpenBSD+postfix+BIND on very low-end hardware should suffice, and as long as it only relays traffic handed off via the VPN, you should be okay. (Incidentally, verifying senders has no anti-spam value. I get spam by the megabyte in my spamtraps all day, every day, from verified senders and from verified hosts.) ---rsk ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
