On Fri, Feb 09, 2001 at 02:32:39PM -0800, Marc MERLIN typed:
> kenny:~# wc -l /var/log/exim/rejectlog
> 123680 /var/log/exim/rejectlog
> (that's in about 3 days)
Heh - VALinux is a big site - so just compare that the the amount of _total_
incoming mail you receive. The stats will become far less horrifying.
> For that matter, I've already had enlightened people like Ted T'so (major
> linux developer for those who don't know him) complain because we bounced
People, however enlightened, generally _do_ bitch when legit mail reaching
them bounces or is dropped on the floor. With the large number of windows
MTAs (iMail 5.x and 6.x seem to be the main offenders), I just can't block
idiots who refuse MAIL FROM:<>
Out here, we get far less mail than VALinux (a set of corporate mailservers,
handling mail for ~20 domains at least). Philip's canned clue brick (posted
here, with selections from various RFCs) is first posted to the whois contact
of the site concerned (if it becomes too frequent for comfort).
> Basically I'm walking a very fine line here. If I reject too much legitimate
> mail (i.e. mail with bad headers that isn't spam), I will be eventually
Heck, I'm catching hell for turning on RSS checking of incoming mail ... so
I've reverted to the old "RBL + DUL + an extensive private blacklist of people
who have spammed us" routine. It's laborious, but it helps.
> forced to turn off all checking (that's until checking can be done at rcpt
> to time, and be turned on and off on a per user basis).
User-level spam settings? Sendmail does this with SPAMFRIEND and SPAMHATER (in
the check_delay rulesets I think). GMX (a European freemail provider) does the
same thing ($deity knows how) with a heavily hacked qmail (which rejects mail
having envelope-from a freemail service if it doesn't originate from the
freemail's MXs).
> Users believe that if hotmail receives the mail, so should we. What can I
> say...
Hotmail is right, you know. They compensate for accepting everything by doing
(fairly stringent) user level filtering, but as that's a webmail app, it's
probably easier that way (and legit mail doesn't get binned, most of the time).
On the other hand, they (or one of their upstreams) is/was currently using the
RBL's BGP feed (to block packets from rbl'd sites at the router instead of the
mailserver). Caused several people to _immediately_ start bitching, IIRC.
People hate getting spammed, but they hate having legit mail bounce.
> The only thing that ticks me off is people who refuse all Email if the HELO
> domain doesn't match the name linked to the reverse lookup of the IP you're
> connecting from (Hello, NAT anyone!!!)
Not just NAT ... try IPs which have no rDNS configured at all (plenty of them
here in India unfortunately) :(
--suresh