On Thu, Aug 10, 2006 at 09:48:25PM +0200, Rogier Krieger wrote:
> On 8/10/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >Note that at least Postfix has an independent greylisting implementation
> 
> True and these implementations may even be quite nice. I never felt
> much of a need to try it out after having set up spamd.

I can imagine.

> >Both are likely to work with STARTTLS; spamd isn't going to do that.
> 
> And spamd shouldn't, either. For submission purposes, the clean
> solution is to use an alternate port (as it's a different bit of the
> e-mail system).
> 
> For user mail submission, I see no real need to use spamd, either.
> Tracing (and handling) offending users is relatively simple once
> they're authenticated.
> 
> Keep a few sanity checks (e.g. no more than X recipients for a message
> or no more than 100 messages a minute) for virus detection and/or
> quarantine purposes if you please.

This also helps against compromised boxes - i.e., it limits the damage.
So it's generally a good idea to have some limit.

Also, while STARTTLS does have its merits, it's still better suited for
handling MTA authentication than protecting user data - use GPG for the
latter.

                Joachim
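
The per-user sanity checks discussed in this thread (a recipient cap per message and a message cap per minute on authenticated submission), sketched as an added example that is not from either poster. The class and function names, the recipient cap of 50, and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque


class SubmissionLimiter:
    """Per-authenticated-user sanity checks for a mail submission service."""

    def __init__(self, max_rcpts=50, max_msgs=100, window=60.0):
        self.max_rcpts = max_rcpts        # the "X recipients" cap (50 is an assumed value)
        self.max_msgs = max_msgs          # 100 messages ...
        self.window = window              # ... per minute, as in the thread
        self._sent = defaultdict(deque)   # user -> timestamps of accepted messages

    def check(self, user, rcpt_count, now):
        """Return (accepted, reason) for one message from an authenticated user."""
        if rcpt_count > self.max_rcpts:
            return False, "too many recipients"
        q = self._sent[user]
        # Drop timestamps that have left the sliding window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_msgs:
            return False, "rate limit exceeded"
        q.append(now)                     # only accepted messages count toward the limit
        return True, "ok"


def flag_users(events, limiter):
    """Replay (time, user, rcpt_count) events; return {user: rejected message count}."""
    rejected = defaultdict(int)
    for ts, user, rcpts in events:
        accepted, _ = limiter.check(user, rcpts, ts)
        if not accepted:
            rejected[user] += 1
    return dict(rejected)


# Constructed sample events: alice sends normally, bob's account bursts
# 150 messages in 15 seconds, carol sends one message to 500 recipients.
EVENTS = [(i * 10.0, "alice", 2) for i in range(6)]
EVENTS += [(0.1 * i, "bob", 1) for i in range(150)]
EVENTS += [(61.0, "carol", 500)]
EVENTS.sort(key=lambda e: e[0])

if __name__ == "__main__":
    print(flag_users(EVENTS, SubmissionLimiter()))
```

Because the limiter is keyed on the authenticated user, the rejected counts double as a list of accounts to trace or quarantine.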
