[PLUG-TALK] Why ISPs Reject Spam Reports? - Mailman and Postfix

Michael Rasmussen michael at jamhome.us
Wed Mar 9 00:06:20 UTC 2016 

On Tue, Mar 08, 2016 at 03:25:00PM -0800, Keith Lofstrom wrote:
> If a mail for the list comes from a non-subscribed
> email address, Mailman can send an email back to 
> that email address saying "your email address is
> not subscribed".  However, if the email comes from
> a different IP address than the email address in
> the header, Mailman will send this helpful message
> to the header address, because it does not know
> what the actual source IP address is.
> 
> This behaves like an "open relay" - a spammer can send
> mail to a default-configured Mailman site, where it
> will bounce to the address they put in the header.
> 
> [snip]
> 
> It is theoretically possible for the postfix mail
> server (which feeds Mailman) to match the email domain
> address to the IP address.  

It is also practically possible. Mail like you're 
describing won't have a valid spf records, it probably
also fits the profile of "try once and move on" spammers.
So 
        check_policy_service unix:private/policy-spf,
        check_policy_service unix:postgrey/socket,
Would block all that nastiness from being accepted.

>From my logs I see Greylisting and checking the blacklist 
account for about 75% of all blocked email. DNS errors - 
non FQDN and Domain not found - count for about another 20%
from the sample.

Only 1181 postfix reject log messages were reviewed for 
generating this data.

For the record (and whatever critiques I can get) :
smtpd_recipient_restrictions    =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_unknown_recipient_domain,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,         
        reject_non_fqdn_hostname,
        reject_unknown_sender_domain,
        reject_unlisted_recipient,
        reject_rbl_client sbl-xbl.spamhaus.org,
        check_policy_service unix:private/policy-spf,
        check_policy_service unix:postgrey/socket,
        permit


-- 
      Michael Rasmussen, Portland Oregon  
    Be Appropriate && Follow Your Curiosity
Some part of a mistake is always correct. 
    ~ Savielly Tartakower

More information about the PLUG-talk mailing list