Re: [exim] When to use dns block lists

Wed, 15 Feb 2006 14:16:42 -0800 

Sub Zero wrote:

That policy is rather likely to land you on a blacklist yourself.


How will using gmail/yahoo land you on a blacklist?


The thinking of blocking even the postmaster address thinking "they can


use gmail/yahoo", akin to "let them eat cake", that's of issue.


If your system does not accept mail to the postmaster address, you culd be


listed on some RBLs... like this one: http://www.rfc-ignorant.org/

The RFC clearly states that your should name the postmaster address
world-acceptable *OR* give an alternative email address insead. I think it
is okay to let your blocked users contact you on your gmail addy instead..
:P
My mail server at my pc tells you to mail to
[EMAIL PROTECTED]

I would simply look at the dns record, domain record and website instead...
:)





You may 'think it is OK..' but RFC's aside, mail to 'postmaster' 
is more often generated  by a 'daemon', not a human, so the 
chance of it looking-up a gmail (or any other) address, ranges 
from 'zero' to 'none at all'.



It is not at all hard to configure Exim to accept legitimate 
mail to postmaster, as well as 'abuse', 'webmaster' and a select 
few similarly useful/commonly-helpful addresses if you wish, and 
to do so in such a manner as to NOT be flooded with garbage.



True even if running an essentially all-virtual environment for 
multiple domains. We have'postmaster' in an SQL DB as well as in 
/etc/aliases, purely to support custom lookups and delivery, but 
that is optional.



That you then use /etc/aliases and/or some form of DB to route 
such traffic off-box to another account - gmail if you wish - 
and/or 'sequester' it for review if/as/when you choose to go 
through it, is a better way to avoid hassle than 'let them use 
<whatever>' when <whatever> isn't machine-readable.


Our 'postmaster' account can even be reached as:

'[EMAIL PROTECTED]' - and such, for each IP.

- Though no other account can be.

All per RFC and Exim spec's....


You might also keep in mind that *any* lookup to an external 
source, be it a local flat-file or a remote DNS/other blacklist, 
has a time and server-resource 'cost' that can often be avoided 
by better use of Exim's 'built-in' tests.



Put the 'cleverness' on the inside, not on the outside, and the 
bones won't show.


YMMV

Bill Hacker

--

## List details at http://www.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/

## Please use the Wiki with this list - http://www.exim.org/eximwiki/






















					Reply via email to