[66755] in North American Network Operators' Group


Re: Large Mail Provider Throttling

daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Thu Jan 22 21:16:12 2004

Date: Fri, 23 Jan 2004 07:45:16 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Edward Gray <egray@tucows.com>
Cc: nanog@merit.edu
In-Reply-To: <HHEHIDADCAMMPIEKEENHMEHECKAA.egray@tucows.com>
Errors-To: owner-nanog-outgoing@merit.edu


Edward Gray wrote:
> To protect ourselves from delayed mail, we have implemented several
> system-wide rules to block Autoreplies and Undeliverable messages from
> being sent to the large providers. Unfortunately, this has resulted in
> many complaints from customers (since it's all or nothing). We have, so
> far, left these rules enabled 24x7, since the system already becomes
> degraded by the time we realize an event is occurring.

You might want to

* Use a mailserver that can reject rather than bounce email (that is, a 
mailserver where the smtpd process has a view of the userdb)

* Use a "current spam source" blocklist like cbl.abuseat.org, as well as 
a good open proxy blocklist like opm.blitzed.org

* Set up SpamAssassin to trash rather than later bounce email that does 
get through your filters and has a high enough spam score.

* Do some HELO filtering (HELO hotmail.com from an IP with rDNS that 
doesn't say hotmail?  HELO your.own.ip or HELO your.own.domain from an 
untrusted IP that you don't relay for / that someone hasn't 
authenticated from?  REJECT) :)

* I'd add that a simple header check to reject (or preferably, discard) 
any mail with the string ".mr.outblaze.com" in any Received: header will 
get rid of a lot of spam for you.

There are a few other things, but these will be off topic here. Please 
feel free to mail me offlist.

	srs

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
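
The HELO and Received: checks suggested in the message above, sketched as an added example that is not part of the original post or any mail server's own code. The local names, networks and function names are assumptions made up for illustration, and `rdns` is assumed to be a forward-confirmed reverse DNS name.

```python
import ipaddress

# Assumed local policy values, constructed for this example.
OWN_NAMES = {"mail.example.net", "example.net", "192.0.2.25"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # hosts we relay for
# Domains whose HELO must be backed by rDNS (hotmail.com is the post's case).
GUARDED_DOMAINS = {"hotmail.com"}


def in_domain(host, domain):
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_helo(helo, client_ip, rdns, authenticated=False):
    """Decide at SMTP time, so a bad HELO is rejected instead of bounced.

    rdns is assumed to be the forward-confirmed PTR name, or None.
    """
    name = helo.strip().strip("[]").lower().rstrip(".")
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return ("OK", "trusted or authenticated client")
    if name in OWN_NAMES:
        return ("REJECT", "untrusted client used our own name or IP in HELO")
    for domain in GUARDED_DOMAINS:
        if in_domain(name, domain) and not (rdns and in_domain(rdns, domain)):
            return ("REJECT", "HELO claims %s but rDNS does not" % domain)
    return ("OK", "no HELO rule matched")


def check_received(headers, needle=".mr.outblaze.com"):
    """headers: list of (name, unfolded value). Discard on a Received: match."""
    for name, value in headers:
        if name.lower() == "received" and needle in value.lower():
            return ("DISCARD", "Received: header contains " + needle)
    return ("OK", "no Received: match")


if __name__ == "__main__":
    # Constructed sample sessions: (HELO, client IP, rDNS).
    for session in [("hotmail.com", "203.0.113.7", "dsl-7.example.org"),
                    ("[192.0.2.25]", "203.0.113.7", None),
                    ("mail.hotmail.com", "203.0.113.9", "mx1.hotmail.com")]:
        print(session, check_helo(*session))
```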
