|gor...@bobich.net||Nov 2, 2007 9:43 am|
|Subject:||Re: [courier-users] courier-mta and amavis-new +clamAV|
|Date:||Nov 2, 2007 9:43:43 am|
On Thu, 1 Nov 2007, Gordon Messmer wrote:
More to the point, there are many situations where one might send valid email that would look invalid according to the SPF.
Could you provide some examples, please?
Since you asked: A consultant comes to my site and needs to send an email out. I run transparent port 25 redirection on the firewall to a local smart-host that allows sending from the local IPs.
I just want to take a moment to shake a finger at the guy who came into a conversation to complain that greylisting is broken, and finished it by talking about transparent redirection. Shame on you.
The two issues are completely different. One is about maintaining control and awareness on your own network. The other is about breaking mail delivery for perfectly valid mail. I'm sure there are enough essays on the internet on why SPF is broken that I don't have to summarise them here.
I'm not saying that greylisting isn't broken. It's a hack. I think everyone knows that. The thing is that every effective anti-spam tech is a broken hack. All of them. Content blacklisting (à la SpamAssassin), Bayesian statistical content scanning, greylisting, and (arguably) RBLs. They all break something in order that spammers can't use SMTP to do what SMTP is supposed to do. The only non-broken-hack way to deal with spam is to read your email and delete what you don't care about.
Not quite - nolisting works, has 0 false positives from RFC compliant senders, and even if there is a brief network outage that delays mail, the RFC compliant MTA will still retry, so the worst you get is a minor delay.
This is mainly for logging purposes -
You don't need to redirect connections to log them. You can log connections using iptables without changing the packets at all. You can log entire transactions with a number of packages, also without redirecting them.
I think any sane person would prefer to read the maillog instead of the packet log, especially if you need the useful protocol relevant information such as from and to headers.
anybody who has ever had to allow a lot of Windows machines on their network will have suffered zombies spamming and getting their IP address blacklisted as a consequence.
Less hackish is simply blocking access to port 25 entirely. Ask visitors to use a VPN, or to use SMTP over SSL (port 465), or to use MSA (port 587) to send messages. My previous employer did that, and no one ever complained.
There's a tradeoff between flexibility and functionality there. Sometimes logging is more important, especially if you need audit logs for other reasons.
With SMTP logs in one place for all outbound mail, at least you can identify what internal address it came from and thus what machine is/was spamming.
As an added bonus, blocking port 25 makes logging irrelevant.
But doesn't help you find zombies on your network.
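Added example, not part of the original message: one way to use central outbound SMTP logs to find the internal machine that is spamming, as the thread discusses. The log format, sample data, function names and thresholds are all assumptions made for illustration; this is not Courier's real maillog layout.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical, simplified smart-host log format (not Courier's real maillog layout).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"from=<[^>]*> to=<(?P<rcpt>[^>]*)>$")

def sample_log():
    """Constructed sample data: one ordinary host, one bursting host, one junk line."""
    lines = [
        "2007-11-02T09:00:01 client=192.168.1.20 from=<alice@example.org> to=<bob@example.net>",
        "2007-11-02T09:20:00 client=192.168.1.20 from=<alice@example.org> to=<carol@example.com>",
        "junk line that the parser must skip",
    ]
    for i in range(8):  # 8 messages in 35 seconds, each to a different domain
        lines.append(f"2007-11-02T09:05:{i * 5:02d} client=192.168.1.57 "
                     f"from=<x{i}@example.org> to=<u{i}@dom{i}.example>")
    return "\n".join(lines)

def parse(log_text):
    """Yield (timestamp, client_ip, recipient_domain); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        except ValueError:
            continue
        yield ts, m["ip"], m["rcpt"].rpartition("@")[2].lower()

def suspect_hosts(log_text, window=timedelta(minutes=1), max_msgs=5, max_domains=4):
    """Return {ip: (peak_msgs, peak_domains)} for hosts over either limit in any window."""
    by_ip = defaultdict(list)
    for ts, ip, domain in parse(log_text):
        by_ip[ip].append((ts, domain))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = peak_msgs = peak_domains = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window's left edge forward
            span = events[start:end + 1]
            peak_msgs = max(peak_msgs, len(span))
            peak_domains = max(peak_domains, len({d for _, d in span}))
        if peak_msgs > max_msgs or peak_domains > max_domains:
            flagged[ip] = (peak_msgs, peak_domains)
    return flagged
```

Calling `suspect_hosts(sample_log())` flags only the bursting host; the thresholds would need tuning against a site's normal mail volume.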