On 09.09.11 17:20, Matus UHLAR - fantomas wrote:
due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.
However there are rules that should not apply on them.
- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining local server to
due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.
However there are rules that should not apply on them.
- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining local server to msa_networks
- ALL_TRUSTED
I'm sure I have to turn
Am 09.09.2011 17:20, schrieb Matus UHLAR - fantomas:
due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.
However there are rules that should not apply on them.
- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining local server to
Hello,
due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.
However there are rules that should not apply on them.
- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining local server to msa_networks
- ALL_TRUSTED
I'm sure I
Am 09.09.2011 17:20, schrieb Matus UHLAR - fantomas:
Hello,
due to many spam problems (outbreaks) in history, we check for
spamminess on outgoing mail servers.
However there are rules that should not apply on them.
- Dynamic/blacklist (except URIBL) checks
I can avoid these by defining
Hi,
On Tue, Feb 16, 2010 at 04:44:05PM -1000, Alexandre Chapellon wrote:
Le mercredi 17 fe'vrier 2010 a` 01:38 +0100, Karsten Bra:ckelmann a e'crit :
...
The one using SMTP-AUTH to relay spam through my servers are most of the time
IP address outside of my network... I imagine they have
Alexandre Chapellon wrote:
I am an ISP with over 5 users (wich is not that big for an isp)
permannently connected.
I can hardly imagine to manage the poilicies of all my customer, and I
know they would really don't like it.
What if your ISP told you what you got to do, where to go and to
Alexandre Chapellon wrote:
Not public blacklists but for example Yahoo!'s servers spends most of
its days replying defered temporarily due user complaints' o our
relays.
Start building a good reputation at Yahoo for your clean outgoing mail:
- allocate a new IP address for your new 'clean'
On Tue, 2010-02-16 at 17:11 -1000, Alexandre Chapellon wrote:
Yes but most of the time (here) undeliverable mails are undeliverable
because of recipient over quota, wrong mx records on dst domain or
things like this... I can explain this to my customer. By cons I
cannot tell him we silently
Alexandre,
To answer your first question, yes we filter outbound mail. We were once
in the same position as you are now and corrected the problem
successfully. All the advice given is good and I can attest that it will
work.
We first created a separate outbound service with authenticated smtps
Mark Martinec wrote:
SA already has some awareness of mail flow direction (inbound vs.
outbound) through its trusted_networks/internal_networks/msa_networks
settings, and recognizes authentication signs in Received header fields,
as well as its whitelist_bounce_relays awareness, so it should be
Charles Gregory wrote:
... but any legitimate mail that is blocked will
result in their MUA (Outlook) displaying an error message. This is GOOD. :)
My experience has been that Outlook in particular (not Outlook Express
or its descendant Windows (Live) Mail) does NOT in fact display SMTP
Hi Alexandre,
On Tue, Feb 16, 2010 at 11:44:35AM -1000, Alexandre Chapellon wrote:
I am an ISP with over 5 users (wich is not that big for an isp)
permannently connected.
FYI: similar scale here.
I can hardly imagine to manage the poilicies of all my customer, and I know
they would
On Wed, 17 Feb 2010, Kris Deugau wrote:
My experience has been that Outlook in particular (not Outlook Express
or its descendant Windows (Live) Mail) does NOT in fact display SMTP
error messages exactly as the server spits them out. :(
Sorry. You've heard that old phrase goes without saying?
Hello the list,
I have a quite buggy customer network, full of zombie PCs that spends
all days sending spam and wasting the whole reputation of my networks.
As a result it sometimes become quite hard to delivers queues for
specific domains such as Yahoo!'s hosted ones. Indeed they have some
temp
Slightly OT. To get 'control' of what my MX does at SMTP time I installed
a simple SMTP daemon called 'Mail Avenger', which acts as a front end to
my spamassassin and postfix. It's scripting capabilties allow for such
interesting things as tracking the volume of mail sent by any one IP over
On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote:
Hello the list,
I have a quite buggy customer network, full of zombie PCs that spends
all days sending spam and wasting the whole reputation of my
networks.
1) Are you already using separate inbound and outbound mail servers?
2)
I know your not going to want to hear this because your looking
for a quick fix, but nothing substitutes for good network design.
Your buggy customer network should enforce the following:
Direct SMTP transmission (port 25) is filtered so that only
machines designated as mailservers are allowed
Hi Alexandre,
At 10:44 16-02-10, Alexandre Chapellon wrote:
I have a quite buggy customer network, full of zombie PCs that
spends all days sending spam and wasting the whole reputation of my networks.
Do they send these messages through your mail server?
As a result it sometimes become quite
Le mardi 16 février 2010 à 20:29 +, Martin Gregorie a écrit :
On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote:
Hello the list,
I have a quite buggy customer network, full of zombie PCs that spends
all days sending spam and wasting the whole reputation of my
networks.
I am an ISP with over 5 users (wich is not that big for an isp)
permannently connected.
I can hardly imagine to manage the poilicies of all my customer, and I
know they would really don't like it.
What if your ISP told you what you got to do, where to go and to forget
about your buggy OS your
Le mardi 16 février 2010 à 12:46 -0800, SM a écrit :
Hi Alexandre,
At 10:44 16-02-10, Alexandre Chapellon wrote:
I have a quite buggy customer network, full of zombie PCs that
spends all days sending spam and wasting the whole reputation of my
networks.
Do they send these messages
Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 20:29 +, Martin Gregorie a écrit :
Obvious choices for (4), in order of hitting the infected user with a
successively bigger clue stick, are:
- silently discard the spam,
but you'll also throw away false positives.
Using
On Tue, 2010-02-16 at 11:38 -1000, Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 20:29 +, Martin Gregorie a écrit :
I have a quite buggy customer network, full of zombie PCs that spends
all days sending spam and wasting the whole reputation of my
networks.
1) Are you
It is standard practice in the ISP industry to block outgoing port
25 nowadays on dynamically assigned addresses.
This is not a barrier to your customers using another mailserver
(google, gmail, etc.) because all of those businesses support
Auth-SMTP on the submission port 587. In fact,
Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 12:46 -0800, SM a écrit :
Hi Alexandre,
At 10:44 16-02-10, Alexandre Chapellon wrote:
I have a quite buggy customer network, full of zombie PCs that
spends all days sending spam and wasting the whole reputation of my networks.
Do they
On Tue, 2010-02-16 at 11:49 -1000, Alexandre Chapellon wrote:
I have a quite buggy customer network, full of zombie PCs that
spends all days sending spam and wasting the whole reputation of my
networks.
Do they send these messages through your mail server?
Mostly not but thoose who
like to re-focused to my initial questions: does SA on outgoing
smtp needs specific tweaks? Is it a good idea and does any body already
set it up?
thanks
On Tue, 2010-02-16 at 11:38 -1000, Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 20:29 +, Martin Gregorie a écrit :
On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote:
Hello the list,
I have a quite buggy customer network, full of zombie PCs that spends
all
Le mardi 16 février 2010 à 23:54 +, Martin Gregorie a écrit :
On Tue, 2010-02-16 at 11:38 -1000, Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 20:29 +, Martin Gregorie a écrit :
On Tue, 2010-02-16 at 08:44 -1000, Alexandre Chapellon wrote:
Hello the list,
I
to the question.
Yes, the blacklist might make a hell of a difference. And the answer to
this might even make a difference, if you really want to filter outbound
mail through SA, or if there are other alternatives.
does SA on outgoing smtp needs specific tweaks? Is it a good idea and
does any body already
On Wednesday February 17 2010 00:43:04 Alexandre Chapellon wrote:
I'd like to re-focused to my initial questions: does SA on outgoing
smtp needs specific tweaks? Is it a good idea and does any body already
set it up?
SA already has some awareness of mail flow direction (inbound vs.
outbound
Look at grey-listing as well. It should be useful if it can distinguish
between the user's MUA (or private MTA) and a bot.
MUAs generally don't cope well with greylisting, as they lack good
mechanisms for automatic retries - so I'm not sure that's a good advice.
Why on earth not? You
For improved robustness of a pre-queue setup look for Postfix 2.7.0
with its smtpd_proxy_options=speed_adjust feature
Btw, the Postfix 2.7.0 also brings a feature which may be valuable
to you: an outgoing MTA can have multiple IP addresses on its interface,
and you can choose from which IP
At 13:49 16-02-10, Alexandre Chapellon wrote:
Mostly not but thoose who are doing so make my mail servers being
blacklisted from time to times.
(And I don't really care about dyn IP adresses being on blacklists... for now)
Your subnet will probably be blacklisted. As this is not the right
On Wed, 2010-02-17 at 02:07 +0100, Mark Martinec wrote:
Look at grey-listing as well. It should be useful if it can distinguish
between the user's MUA (or private MTA) and a bot.
MUAs generally don't cope well with greylisting, as they lack good
mechanisms for automatic retries - so I'm
Mark Martinec wrote:
Look at grey-listing as well. It should be useful if it can distinguish
between the user's MUA (or private MTA) and a bot.
MUAs generally don't cope well with greylisting, as they lack good
mechanisms for automatic retries - so I'm not sure that's a good advice.
On Tue, 2010-02-16 at 14:10 -1000, Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 23:54 +, Martin Gregorie a écrit :
Where's the problem? You'll need to write some code to interpret SA's
spam markers anyway, so it can easily add a log message to maillog. Then
its trivial to
. And the answer to
this might even make a difference, if you really want to filter outbound
mail through SA, or if there are other alternatives.
does SA on outgoing smtp needs specific tweaks? Is it a good idea and
does any body already set it up?
Yes, it needs specific tweaks. As has
Le mercredi 17 février 2010 à 02:07 +0100, Mark Martinec a écrit :
Look at grey-listing as well. It should be useful if it can distinguish
between the user's MUA (or private MTA) and a bot.
MUAs generally don't cope well with greylisting, as they lack good
mechanisms for automatic
Le mercredi 17 février 2010 à 01:52 +, Martin Gregorie a écrit :
On Tue, 2010-02-16 at 14:10 -1000, Alexandre Chapellon wrote:
Le mardi 16 février 2010 à 23:54 +, Martin Gregorie a écrit :
Where's the problem? You'll need to write some code to interpret SA's
spam markers anyway,
I'd like to thank everybody for all the ideas spreaded around... This
will give me good clues, differents axis of reflexion, and arguments for
makers.
Regards
42 matches
Mail list logo
