Amedee Van Gasse wrote:
On Sat, August 9, 2008 02:08, Alexey Eremenko wrote:
How about *forcing* email servers to use reverse DNS against all incoming email and the email "From: " field ?
I.e. If I received from someone@opensuse.org, but source IP address cannot be reverse-DNS-resolved, that it really came from openSUSE@org, wuch email can be automatically sent to spam folder. Is this possible ?
What are you talking about? a) Email headers: From: b) SMTP headers: MAIL FROM:
I assume you are talking about the difference between envelope sender and the From: field in the DATA part of the mail.
Do you know the difference between the two?
a) should be handled by a spamfilter like SpamAssassin. b) is done in postfix with reject_unverified_sender
reject_unverified_sender wil keep your box under *heavy* load. It has to verify *every* incoming email while the SMTP session is still open. The SMTP server at the other end may timeout resulting in unnecessary reconnects and more network traffic, or it may refuse your connection back, or it may simply be an Exchange^Wmisconfigured server, and then you lose some legitimate email. You'll need whitelists.
Please to not use global sender verification. It is like catching flies with a hammer. You might get some once in a while but the damage you do while using said appliance is rather heavy. In case of the listserver you would verify the sender address of the listserver (not very useful). opensuse-de+bounces-32203-suse-linux=japantest.homelinux.com@opensuse.org In this case I would have to check if the listserver would even recognise the address extension as a valid address. Additionally, a lot of other big companies don't use valid sender addresses, so the false positive rate is rather high. An additional risk is that some ISPs are blacklisting you if your probes result in too many rejected address probes. T-Online.de for example blacklists you if you try to send to more than 40 invalid recipients within 24 hours. Don't use whitelists for sender verification, instead use it only for select domains that are falsified often. You might get away with that if you only use the server for your own needs but once the server is used by many people it's simply not possible to know all desired clients or mails anymore. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org