Carlos E. R. wrote: > > The Sunday 2007-03-04 at 10:49 +0100, Sandy Drobic wrote: > >> Carlos E. R. wrote: > >>>> I see a lot of regular servers announcing themselves as "mail.intranet" or >>>> "exchange.local" and the like. >>> Well, what I'm bothered is receiving email from my ISP boxes with false >>> envelope from.I don't understand why they don't check it. My postfix >>> doesn't accept it, so fetchmail leaves it there - but it doesn't delete >>> them either: a dns failure can be temporary, so mail is not rejected >>> finally, but given a "try later". That's how it should be, but... it means >>> I have to go and delete them manually from the boxes. I might be better >>> off by accepting them and letting spamassassin take care of those... >> Policy decision. In our company I also use "reject_unknown_sender_domain", >> but I doubt that I would use it on an ISP mailserver. The best case would >> be to offer several classes of anti-spam measures and let the customer >> decide which one to choose. > > Why not on an ISP? Resources? I'm curious... if you convince me, I'll stop > being mad at them ;-)
I'll definitely won't try to persuade you not to be mad any longer. (^-°) The more people are mad the likelier it is that someday the situation may change. The reason is very pragmatic and comes in three parts. - It's mostly the number of idiots that can't configure servers and yet they are tasked with that very job. Often they have so many different jobs to do that they simply don't have the time and energy to set up a system as it should be done. - the number of idiots that don't care why the mail is rejected, they simply want the mail and complain afterwards that they receive too many spams. - the time you have to manage your server and fight spam. On my private server here at home I very seldom see any spam at all, because I can hand-tailor the restrictions to fit my needs. I think in the last 15 month I only had about 5 spams in my inbox, three of them I sent to an unrestricted address to test if the spam configuration was still working. (^-^) The number of idiots that try to sent crap to my server is very low, I can set up a manual whitelist for these guys, provided I am interested in their mails at all. On our company mailserver I have a completely different situation. I don't know anymore, who is communicating with who, we have contacts all around the world, yes also to Taiwan, China, South Corea, Chile, South Africa, you name it. I also was very suprised to see that from one server I had only received spam so far (an Italian ISP server), suddenly there seemed to be a valid mail. Still, the volume is low enough for me to monitor the log excerpt fairly closely, and most of the time our mailserver is just idling. In spite of that I must adhere to the management order that said: "accept all mails we are interested in, reject spam as second priority". That is why I can't reject some spam. Even measures like greylisting and blacklists are used selectively, not on all clients. As a big company or an ISP you have very little time to manage your server compared to the mail volume you receive. The server is not idling along any more, it is instead sometimes taxed to the physical limit. So you do not track the log very closely, instead you monitor the overall situation, set up policies that are the best compromise for the demands of many customers/users and set up things as automated as possible. The number of clueless people/admins you have to deal with is daunting, so you are acting pragmatic with the situation and don't try to change it. > > So far, I have never received a good email from a bad sender domain, all > of them are spam. In my whitelist I already have a few dozen broken sites. Sometimes they see that they have problems and change their configuration with other broken settings so fast I can't keep up and their mail is rejected permanently. My situation is a mixed case, the mail volume is low, but I have a lot of other tasks at work, so I can't spend that much time on the mailserver. Add to that the consideration that I don't want to create such a convoluted setup that nobody else has a hope to understand. We are already at the point that I have rather created a VMWare double than try to explain to a not-linux-savvy collegue, how the mail system works and how to debug it. In case of trouble with the primary mailserver he can just change to the VMWare setup and let me solve the problem when I am present again. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
