Matt Fretwell wrote:
This email, for instance was sent from a properly configured mta running antispam and antivirus scanning in BOTH directions, from a dynamic ip. If my wife sends email from her computer, it goes to the isp's mta, which does inbound only scanning. I have several rules in place for postfix to force it to use my isp's mta for domains that refuse traffic from dynamic or "residential" ip addresses. The price for a non-residential ip from my isp is nearly double that for residential. Do I get any added-value service for that? No, in fact, I lose the ability to take faulty equipment directly to the service center for replacement, instead of waiting for a service call. I think more people running mtas would take the tack of examining the TRAFFIC, not the IP it came from. That's just laziness.Brian Read wrote:
Block all mails from dynamic IP. They are 99,99% spam.
No they aren't that "rule" causes quite a few of my customers a headache, as the (linux) mailserver I often install sends the email direct, irrespective of whether there Ip is "dynamic" or "static". Some
ISPs charge an arm and a leg for static IPs.
There are reasonable ISP's, (pricewise), with regards to static ranges.
There is however the fact that whether the IP's are static or dynamic, business or domestic class, some ISP's, (mentioning no names), impose relay restrictions by the domain part in the *sender* address, if you try doing it the 'relay through ISP's mailhost' way. Which does leave the choice of having the MTA connect directly to retain the correct domain part of the senders mail address. This bumph about people shouldn't be allowed to run a direct MTA to MTA setup unless they have static IP's is nonsense. One might even say that it is MTA (elitism|snobbery). There are plenty of legitimate MTA setups running on dynamic IP's. A lot of the time they are configured in a better fashion than the service providers own MTA's that most would have them relay through. There really is no legitimate reason for blocking dynamic IP ranges at the outset. What really does amaze me though, is that these are generally the admins who will turn around and say, 'Don't block (variable), you will lose too much legitimate mail'. Where is the logic in that? They will allow a crappily configured multinational corporation or ISP to connect, yet not give dynamics the slightest chance to prove their reliability.
Matt
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html