We actually dont use qpsmtp - as I think I mentioned here on this list. We manage several thousand tmda-protected mailboxes, and a couple thousand un-protected boxes. For our uses, qpsmtp was not the way to go for smtp-time checks, as at the time I looked into it it did not scale well and didnt have ssl included (this may have changed since when I last looked at it)
We use spamcontrol, located here: http://www.fehcom.de/qmail/spamcontrol.html In addition, we have complied in a bunch of custom code using the above as a base. Thanks. At 12:25 AM 10/31/2006, Zeno Davatz wrote: >Hi! > >Thanks for the Info! > >Do you use qpsmtpd? If yes, are you satisfied with it and do you use >any of the plugins available? > >Thank you for your Feedback. > >Best >Zeno > >2006/10/31, Zeno Davatz <[EMAIL PROTECTED]>: > > Hallo Hannes > > > > Hier noch weitere Info, die ev. hilft. > > > > Mit Gruss > > Zeno > > > > ---------- Forwarded message ---------- > > From: Conrad <[EMAIL PROTECTED]> > > Date: 31.10.2006 00:04 > > Subject: Re: Spamcop Bullshit > > To: TMDA Users <[email protected]> > > Cc: Zeno Davatz <[EMAIL PROTECTED]> > > > > > > Ive found the following things help out against spamcop: > > > > - run a rbl check against major blacklists (think nagios) and apply > > to be removed asap. We usually request to be removed within 10 > > minutes of being placed on a RBL. > > > > - apply as many smtp-transaction checks as possible, including spf. > > Dk does not protect against joe-jobbed domains, but only at the > > individual email. A dk-protected domain can still validly send non-dk > > signed email. > > > > - apply spamassissin and other internal checks - a SA score of 10 or > > more should NOT send out a confirm message. This is configured in > > tmda via "headers .... hold" > > > > - apply a regex of common spam words - including misspellings and > > other things. We currently run a regex file of +/- 200 lines on all > > tmda-protected accounts, and do not send confirms for those messages > > (headers-file ... hold, body-file .. .hold). This catches most SA > > scored messages between 10 and 4, but allows for a valid sender to > > send a high SA scored message and get a confirmation request. Of > > course, there will be a resources hit with a regex file this big - > > but I feel its worth it. > > > > - move outbound tmda messages to an IP you dont care about. We have a > > separate server we run exclusively for tmda-outbound messages. Use > > "mailtransport" and "smtphost" to configure these. This mail server > > is has a shorter default queue lifetime. The bad thing about this is > > that all tmda-related messages go this route - not just confirmationm > > requests. So your released messages and tmda-ofmipd messages will go > > out through the same IP. You could set this up as another instance of > > your favorite mail software on the same server on another IP, or a > > seperate server. > > > > The point of the above is to remove the amount of backscatter tmda > > causes. Note that for all the above I recommend a hold instead of > > drop - as this way you can still see the incoming messages and > > release/adjust as necessary. > > > > Using all of the above, we have mitigated our RBL risks. We still get > > on one from time to time, but every moment not on a blacklist helps! > > > > Thanks. > > > > At 09:11 AM 10/30/2006, Todd A. Jacobs wrote: > > >On Mon, Oct 30, 2006 at 03:35:11PM +0100, Zeno Davatz wrote: > > > > > > > because TMDA sends out replys to dead end Spam-Traps of Spamcop. > > > > > >FWIW, SPF and domainkeys were designed specifically to prevent joe-jobs, > > >but neither is widely adopted. YMMV. > > > > --Photocon > > Conrad Hunziker III > > NightSky Hosting - http://www.nightskyhosting.com/ > > >_________________________________________________ >tmda-workers mailing list ([email protected]) >http://tmda.net/lists/listinfo/tmda-workers _________________________________________________ tmda-workers mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-workers
